Response from our finder:

I’ve seen that they’ve replied to this bug and deemed it not a security
issue. I don’t agree with that, as their reason is they’re saying bxrc
is a config file. Of course it is, but it’s part of the packaging for a
virtual machine.

Example: If I packaged up a test.img with a malicious test.bxrc, got a
user to download my TestOS package and run it in Bochs, the target could
be exploited.

I don’t see much difference between a VMware VMX file and a Bochs BXRC
file, both are VM config files and if these issues were present in VMware’s
parsing of a VMX file, they’d treat it (as they have in the past) as a
serious security issue:

http://osvdb.com/search/search?search%5Bvuln_title%5D=vmware+vmx&search%5Btext_type%5D=alltext&search%5Brefid%5D=&search%5Breferencetypes%5D=&kthx=search

-- 
https://bugs.launchpad.net/bugs/1313194

Title:
  Bochs Multiple Vulnerabilities
