Security News VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available

[Solarquest]

Content source

https://www.bleepingcomputer.com/news/security/virtualbox-zero-day-vulnerability-details-and-exploit-are-publicly-available/

A Russian vulnerability researcher and exploit developer has published detailed information about a zero-day vulnerability in VirtualBox. His explanations include step-by-step instructions for exploiting the bug.

According to the initial details in the disclosure, the issue is present in a shared code base of the virtualization software, available on all supported operating systems.

Exploiting the vulnerability allows an attacker to escape the virtual environment of the guest machine and reach the Ring 3 privilege layer, used for running code from most user programs, with the least privileges.

Turning one "overflow" into another
...
...

 

[SHvFl]

If you use virtualbox to test malware i suggest to stop until it's patched. Now that they have the information some might add it to malware.

 

[Eddie Morra]

Delusion of grandeur and marketing [censored]: naming vulnerabilities and creating websites for them; making a thousand conferences in a year; exaggerating importance of own job as a security researcher; considering yourself "a world saviour". Come down, Your Highness.

I LOL'd at that one.

Anyway, VirtualBox has been getting its ass butt-naked smacked for several years now, and it all goes back to the vulnerable kernel-mode software they once had (or still have?) - and that will always be apart of them now, because anyone can get hold of the old version/s and abuse them on the machine.

Process Hacker, CPU-Z, Zemana Anti-Malware (?) and now SOPHOS's HitmanPro.Alert are right up on the list with them.

 

[509322]

I LOL'd at that one.

Anyway, VirtualBox has been getting its ass butt-naked smacked for several years now, and it all goes back to the vulnerable kernel-mode software they once had (or still have?) - and that will always be apart of them now, because anyone can get hold of the old version/s and abuse them on the machine.

Process Hacker, CPU-Z, Zemana Anti-Malware (?) and now SOPHOS's HitmanPro.Alert are right up on the list with them.

I gotta point out that CISCO IOS gets routinely smashed with all of its vulnerabilities. It's every bit as bad as Adobe Flash or similar. The exploits are endless.

 

[SHvFl]

I LOL'd at that one.

Anyway, VirtualBox has been getting its ass butt-naked smacked for several years now, and it all goes back to the vulnerable kernel-mode software they once had (or still have?) - and that will always be apart of them now, because anyone can get hold of the old version/s and abuse them on the machine.

Process Hacker, CPU-Z, Zemana Anti-Malware (?) and now SOPHOS's HitmanPro.Alert are right up on the list with them.

You forgot malwarebytes. I hear from a bird they also suck often.

 

[RoboMan]

Dang, bad news indeed. Seems like something that will take a long time to patch...

 

[Solarquest]

Security Researcher Drops VirtualBox Guest-to-Host Escape Zero-Day on GitHub
...
...
"Until the patched VirtualBox build is out you can change the network card of your virtual machines to PCnet (either of two) or to Paravirtualized Network. If you can't, change the mode from NAT to another one. The former way is more secure."
..

 

[Andy Ful]

We will never see this exploit in the wild. It is not profitable for malc0ders. Virtual Box is commonly used by malware researchers and AV testers. There are those people who malc0ders avoid in the first place.

 

[silversurfer]

VirtualBox 5.2.22 (released November 09 2018) Changelog – Oracle VM VirtualBox

This is a maintenance release. The following items were fixed and/or added:

• Audio: fixed a regression in the Core Audio backend causing a hang when returning from host sleep when processing input buffers
• Audio: fixed a potential crash in the HDA emulation if a stream has no valid mixer sink attached -- thanks to Rink Springer (rink@…)
• Windows hosts: fixed an incompatibility with recent versions of Windows 10 (bug #17977)
• Windows hosts: fixed a number of brigded networking driver crashes (bug #18046)
• Linux Additions: disable 3D for recent guests using Wayland (bug #18116)
• Linux Additions: fix for rebuilding kernel modules for new kernels on RPM guests
• Linux Additions: further fixes for Linux 4.19
• Linux Additions: fixed errors rebuilding initrd files with dracut on EL 6 (bug 18055#)
• Linux Additions: fixed 5.2.20 regression: guests not remembering the screen size after shutdown and restart (bug #18078)