CVE-2013-3792: virtio-net host DoS vulnerability
Bug #1204185 reported by
Felix Geyer
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Virtualbox |
Fix Released
|
Unknown
|
|||
| virtualbox (Debian) |
Fix Released
|
Unknown
|
|||
| virtualbox (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Raring |
Fix Released
|
Undecided
|
Unassigned | ||
| Saucy |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Thomas Dreibholz has discovered a vulnerability in Oracle VirtualBox, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error and can be exploited to render the host network connection and the virtual machine instance unresponsive by issuing e.g. the "tracepath" command.
Successful exploitation requires the target virtual machine to be equipped with a paravirtualised network adapter (virtio-net).
Related branches
CVE References
Revision history for this message
| Felix Geyer (debfx) wrote | #1 |
| information type: | Public → Public Security |
| Changed in virtualbox (Ubuntu Saucy): | |
| status: | New → Fix Released |
| Changed in virtualbox: | |
| status: | Unknown → Fix Released |
| Changed in virtualbox (Debian): | |
| status: | Unknown → Fix Released |
Revision history for this message
| Felix Geyer (debfx) wrote | #2 |
| Changed in virtualbox (Ubuntu Raring): | |
| status: | New → Confirmed |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in virtualbox (Ubuntu Raring): | |
| status: | Confirmed → Fix Released |
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #4 |
To post a comment you must log in.
4.2.10 (raring) is the only affected version in Ubuntu.