oss-sec mailing list archives

Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ?


From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Tue, 26 Jul 2011 11:26:29 -0400

On Tue, Jul 26, 2011 at 11:19 AM, Moritz Muehlenhoff <jmm () debian org> wrote:
> Hi,
> does anyone have further information on
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2300 and
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2305
> and whether it affects the open source version of Virtual Box?


These issues were found by Tarjei Mandt, and are described in this blog post:
http://mista.nu/blog/author/mista/

CVE-2011-2300 allows gaining elevated privileges within a Windows
guest due to a vulnerability in the Windows Guest Additions.
CVE-2011-2305 allows executing arbitrary code on the host due to a
vulnerability in the VirtualBox graphics stack.

Tarjei found these issues via code auditing, so it follows that they
affect the open source version of VirtualBox.

-Dan

