[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Owning VirtualBox via MITM

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Owning VirtualBox via MITM
From: "Mark Wadham" <fd@xxxxxx>
Date: Mon, 04 Dec 2017 08:23:52 +0000

VirtualBox downloads extension pack updates over plain HTTP, providing apotential vector for MITM and remote code execution when updating theextension pack.


Full writeup here:

https://m4.rkw.io/blog/owning-virtualbox-via-mitm.html

Mark

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] CVE-2017-16895 Local root privesc in Arq Backup <= 5.9.7
Next by Date: [FD] SSD Advisory – Coredy CX-E120 Repeater Multiple Vulnerabilities
Previous by thread: [FD] CVE-2017-16895 Local root privesc in Arq Backup <= 5.9.7
Next by thread: [FD] SSD Advisory – Coredy CX-E120 Repeater Multiple Vulnerabilities
Index(es):
- Date
- Thread