On Sun, Jul 24, 2011 at 06:20:33PM +0200, Moritz Muehlenhoff wrote:
> Package: virtualbox-ose
> Version: 4.0.10-dfsg-1
> Severity: grave
> Tags: security
>
> Does this affect the versions in Debian?
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2305
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2300

I asked for details on oss-security:

From: Dan Rosenberg <dan.j.rosenb...@gmail.com>
To: oss-secur...@lists.openwall.com

On Tue, Jul 26, 2011 at 11:19 AM, Moritz Muehlenhoff <j...@debian.org> wrote:
> Hi,
> does anyone have further information on
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2300 and
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2305
> and whether it affects the open source version of Virtual Box?
>

These issues were found by Tarjei Mandt, and are described in this blog post:
http://mista.nu/blog/author/mista/

CVE-2011-2300 allows gaining elevated privileges within a Windows guest due to a vulnerability in the Windows Guest Additions.

CVE-2011-2305 allows executing arbitrary code on the host due to a vulnerability in the VirtualBox graphics stack.

Tarjei found these issues via code auditing, so it follows that they affect the open source version of VirtualBox.

-Dan

Cheers,
        Moritz