[Pkg-virtualbox-devel] Bug#760569: Virtualbox lets any user mess with system's network configuration

Evgeny Kapun abacabadabacaba at gmail.com
Fri Sep 5 13:05:52 UTC 2014


Package: virtualbox
Version: 4.3.14-dfsg-1
Tags: security

Virtualbox lets any local user create and configure network interfaces (vboxnet*), and also send and receive traffic through them. It also lets users bridge their VMs to other network interfaces. Normally, such operations are reserved for users with CAP_NET_ADMIN capability for a good reason. Such actions can be used to disrupt other users' communications, capture their network traffic and even perform MITM attacks against them.



More information about the Pkg-virtualbox-devel mailing list