|Jun 13, 2012, 11:33 PM||#1|
Join Date: May 2010
Posts: 1,226 (1.08/day)
Thanked 253 Times in 195 Posts
US-CERT warns of guest-to-host VM escape vulnerability
Summary: The vulnerability affects 64-bit operating systems and virtualization software running on Intel CPU hardware.
The U.S. Computer Emergency Readiness Team (CERT) has issued an alert for a dangerous guest-to-host virtual machine escape vulnerability affecting virtualization software from multiple vendors.
The vulnerability, which affects 64-bit operating systems and virtualization software running on Intel CPU hardware, exposes users to local privilege escalation attack or a guest-to-host virtual machine escape.
From the advisory:
A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker’s chosen RSP causing a privilege escalation.
Affected vendors include Intel Corp., FreeBSD, Microsoft, NetBSD, Oracle, RedHat, SUSE Linux and Xen.
The US-CERT advisory contains a full list of affected software and links to vendor-supplied patches.
VMWare says its products are not affected by this issue.
System:Intel i5 3570K @ 3.4Ghz//ASRock Z77 Pro3//Coolemaster Hyper 212 Evo//16GB Corsair XMS3//EVGA Nvidia GTX 650Ti SSC 1GB//128GB Samsung 840 SSD/1.5TB Seagate HDD//Antec Three Hundred Two//620w Antec High Current Gamer HCG-620M//Windows Server 2012 x64 Standard
Misc:Samsung SyncMaster P2350 23in@1920x1080+LG Flatron 19in 1440x900//IoSafe Fireproof ext 500GB HDD//Amped Wireless R20000G high power router//APC BackUPS XS1000 UPS
Websites: AGNXNetworks//RemixedCat's Place Of Meow Blog
|Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)|
|Thread||Thread Starter||Forum||Replies||Last Post|
|Fraudulent SSL cert minted for Firefox addons site||qubit||Networking & Security||2||Sep 1, 2011 10:47 AM|
|How to test escape key?||OrbitzXT||General Hardware||5||Jun 12, 2010 08:52 PM|
|Looking for someone who uses Blue Host or Monster Host for their website||reverze||Programming & Webmastering||4||Jun 11, 2010 03:09 AM|