Posted by Wolfgang on Jan 27

Privilege Escalation in VirtualBox (CVE-2017-3316)

== [ Overview ] ===

System affected: VirtualBox
Software-Version: prior to 5.0.32, prior to 5.1.14
User-Interaction: Required
Impact: A Man-In-The-Middle could infiltrate an
Extension-Pack-Update to gain a root-shell

=== [ Detailed description ] ===

In my research about update mechanism of open-source software I found
vulnerabilities in Oracle’s VirtualBox. It’s…