VirtualBox Zeroday

262

Following the news that a security researcher has announced a zeroday in Oracle’s VirtualBox virtualization software, Craig Young, security researcher at Tripwire commented below.

Craig Young, Security Researcher at Tripwire:

“The vulnerability is in the implementation of a virtual Intel E1000 compatible network adapter. The write-up demonstrates how an attacker with permissions to load Linux kernel modules in a Virtual Box guest environment can achieve low-privileged code execution on the host OS which can then be elevated to gain administrative access to the host. Anyone using Virtual Box for accessing untrusted content (malware analysts for example) should immediately review their machine profiles and at least temporarily discontinue use of the E1000 device in favor of the PCNET adapter. Users should avoid running any less than trustworthy applications in any Virtual Box environment with E1000 enabled until Oracle is able to release a fix.”

In this article