|
prushik on 8 Nov 2018 11:56:31 -0800
|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] new virtualbox exploit
|
- From: prushik@gmail.com
- To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
- Subject: Re: [PLUG] new virtualbox exploit
- Date: Thu, 08 Nov 2018 14:56:21 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:user-agent:in-reply-to:references:mime-version :content-transfer-encoding:subject:to:from:message-id; bh=sXwsoLGZQKKGIsx4JCfN0D519V4adoJnbw/OM+DWmRE=; b=LAAXYPcFaZeErydkvxdaZDeWqRvFt5QhMXwbexvOJYG9lISnOv56dh+RkcnQUFglni G8pjcTo89cq1dv/0yUKtS6rezZ2OLk4DtbCx+DXSXsFmJRdaejqYYLjwg48gfLiCWgOr nZw4fET8HF7BUcwJkXz/ezgUoM1bm3ZlSSwrsm81CMBG/MPgkf0ioepuChDTrtbN0grq cPeqsWUq36N1h8DVakpHMcIltCvLBTdNYZBAjrk2qnDoGHgpmDEyvQPwSAElnwCOrHId GvozNrqbNEU2q5/wIbVqJMY/iaENekn8ZimmF5PyIc/2cMbseIzqKDV07rtzSBJa7mwQ xaIA==
- Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
- Sender: "plug" <plug-bounces@lists.phillylinux.org>
- User-agent: K-9 Mail for Android
On November 8, 2018 1:55:50 PM EST, jeff <jeffv@op.net> wrote:
>the guy who found it flipped out and released this before submitting to
>Oracle.
Exactly the way all vulnerabilities should be released. Wish more peeps would do this. #informationfreedom
This is just a vm escape though. the attacker needs root on the guest, and only gets to the host with non-root user permissions. By itself, this probably isn't a very serious vulnerability.
- Phil
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug