[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Information on CVE-2011-2300/CVE-2011-2305 for
From:       Moritz_Mühlenhoff <jmm () inutil ! org>
Date:       2011-07-26 20:12:55
Message-ID: 20110726201254.GA28754 () pisco ! westfalen ! local
[Download RAW message or body]

On Tue, Jul 26, 2011 at 11:26:29AM -0400, Dan Rosenberg wrote:
> On Tue, Jul 26, 2011 at 11:19 AM, Moritz Muehlenhoff <jmm@debian.org> wrote:
> > Hi,
> > does anyone have further information on
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2300 and
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2305
> > and whether if affects the open source version of Virtual Box?
> >
> 
> These issues were found by Tarjei Mandt, and are described in this blog post:
> http://mista.nu/blog/author/mista/
> 
> CVE-2011-2300 allows gaining elevated privileges within a Windows
> guest due to a vulnerability in the Windows Guest Additions.
> CVE-2011-2305 allows executing arbitrary code on the host due to a
> vulnerability in the VirtualBox graphics stack.
> 
> Tarjei found these issues via code auditing, so it follows that they
> affect the open source version of VirtualBox.

Thanks, adding MITRE to CC:, so that they can update the descriptions
of the entries.

Cheers,
        Moritz
[prev in list] [next in list] [prev in thread] [next in thread]