oss-sec mailing list archives
Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ?
From: Moritz Mühlenhoff <jmm () inutil org>
Date: Tue, 26 Jul 2011 22:12:55 +0200
On Tue, Jul 26, 2011 at 11:26:29AM -0400, Dan Rosenberg wrote:
On Tue, Jul 26, 2011 at 11:19 AM, Moritz Muehlenhoff <jmm () debian org> wrote:Hi, does anyone have further information on http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2300 and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2305 and whether if affects the open source version of Virtual Box?These issues were found by Tarjei Mandt, and are described in this blog post: http://mista.nu/blog/author/mista/ CVE-2011-2300 allows gaining elevated privileges within a Windows guest due to a vulnerability in the Windows Guest Additions. CVE-2011-2305 allows executing arbitrary code on the host due to a vulnerability in the VirtualBox graphics stack. Tarjei found these issues via code auditing, so it follows that they affect the open source version of VirtualBox.
Thanks, adding MITRE to CC:, so that they can update the descriptions
of the entries.
Cheers,
Moritz
Current thread:
- Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Moritz Muehlenhoff (Jul 26)
- Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Dan Rosenberg (Jul 26)
- Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Moritz Mühlenhoff (Jul 26)
- Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Dan Rosenberg (Jul 26)