VirtualBox: Exploit for 0-day vulnerability

VirtualboxBad news messages for users of the Oracle virtualization solution Virtualbox up to version 5.2.20. There is a 0-day vulnerability in the E1000 network component. Unfortunately, an exploit for this vulnerability has also become public. So if you use Virtualbox, you should react and adjust the network configuration.


Advertising


The person who has discovered of the vulnerability has published the details on GitHub. He is probably quite frustrated with how reported bugs are handled by Oracle. Therefore, he has decided to make full disclosure.

The vulnerarbility

There is an unpatched vulnerability in VirtualBox 5.2.20 (released on October 16, 2018) and earlier versions. This affects every host and guest operating system because the bug is in the shared code base.

The 0-day vulnerability can be exploited, if an Intel PRO/1000 MT Desktop (82540EM) network card is configured in the VM configuration in conjunction with the NAT network mode. This combination, referred to as E1000 in the GitHub article, has a vulnerability.

The vulnerability allows an attacker with root/administrator privileges on a guest system to break out of a guest system and enter the host string. Then the attacker can use existing techniques to increase privileges and reach ring 0 via /dev/vboxdrv.

The attack scenario is described for interested blog readers in the Github post. However, it is usually sufficient to use the workaround described below and reconfigure the network interface to solve the problem.


Advertising

Mitigating this vulnerability

Until a patched VirtualBox build is available, users can change the network card of a virtual machine to PCnet or Paravirtualized Network. If this is not possible, you should not use NAT mode.

Virtualbox Netzwerk

Details may be found at GitHub and at Bleeping Computer.


Advertising


This entry was posted in Security, Virtualization and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *