VUPEN Exploit Enables Virtual Machine Escape
Submitted by l33tdawg on Fri, 2012-09-07 01:28
Credit: VUPEN
VUPEN Security has detailed how to exploit a critical memory corruption vulnerability in Xen hypervisors to break out of virtual machines and execute code.
The attack leverages a now-patched vulnerability discovered by researchers Rafal Wojtczuk of Bromium and Jan Beulich of SUSE Linux and demonstrated earlier this year at the Black Hat security conference. The vulnerability, CVE-2012-0217, exists because the system-call functionality in Xen 4.1.2 and earlier, when running on an Intel processor, improperly uses the sysret path in cases where a certain address is not a canonical address, resulting in local users being able to gain privileges via a "crafted application," according to an advisory for the issue. In the case of France-based VUPEN, exploitation has been achieved under a 64-bit Linux PV guest running on Citrix XenServer 6.0.0 with Xen version 4.1.1.
In order to trigger the bug, explained VUPEN Security Researcher Jordan Gruskovnjak, one has to map memory close to a non-canonical address and perform a SYSCALL instruction in such a way that the address of the instruction after the SYSCALL instruction will point inside a non-canonical address.
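The canonical-address condition described above can be checked on the return address before SYSRET is used. The following is an added example, not code from Xen, VUPEN or the advisory: it assumes 48-bit virtual addresses, the sample addresses are constructed, and `choose_return_path` is a hypothetical helper illustrating the general mitigation pattern of falling back to IRET when the return RIP is not canonical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 48-bit virtual addresses (4-level paging). */
#define VA_BITS     48
#define SYSCALL_LEN 2   /* SYSCALL encodes as the two bytes 0F 05 */

enum ret_path { RET_SYSRET, RET_IRET };

/* Canonical means bits 63..47 are all equal (sign extension of bit 47). */
static bool is_canonical(uint64_t addr)
{
    uint64_t top = addr >> (VA_BITS - 1);          /* the 17 upper bits */
    return top == 0 || top == ((1ULL << (64 - VA_BITS + 1)) - 1);
}

/* Address the CPU saves as the return RIP for a SYSCALL at syscall_addr. */
static uint64_t return_rip(uint64_t syscall_addr)
{
    return syscall_addr + SYSCALL_LEN;
}

/* Hypothetical policy helper: use SYSRET only for canonical return RIPs. */
static enum ret_path choose_return_path(uint64_t rip)
{
    return is_canonical(rip) ? RET_SYSRET : RET_IRET;
}

int main(void)
{
    /* Constructed sample addresses, not taken from the VUPEN write-up. */
    const uint64_t samples[] = {
        0x0000000000401000ULL,  /* ordinary user-space code */
        0x00007ffffffffffcULL,  /* return RIP is still canonical */
        0x00007ffffffffffeULL,  /* last two bytes of the lower half */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t rip = return_rip(samples[i]);
        printf("syscall@%#018llx -> rip %#018llx: %s\n",
               (unsigned long long)samples[i], (unsigned long long)rip,
               choose_return_path(rip) == RET_SYSRET ? "sysret" : "iret");
    }
    return 0;
}
```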