CVE-2019-2525 PoC — Oracle Virtualization VM VirtualBox Access Control Error Vulnerability

Source
Associated Vulnerability
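Title: Oracle Virtualization VM VirtualBox Access Control Error Vulnerability (CVE-2019-2525)
Description: Oracle Virtualization is a virtualization solution from Oracle Corporation (USA). It provides unified management of the entire hardware and software stack, from applications to disks, and enables virtualization from the desktop to the data center. VM VirtualBox is one of its virtual machine components. A security vulnerability exists in the Core subcomponent of the VM VirtualBox component of Oracle Virtualization in versions prior to 5.2.24 and prior to 6.0.2. An attacker can exploit this vulnerability to gain unauthorized access to data, affecting data confidentiality.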
Readme
# VirtualBox 3D PoCs & exploits

*Author*: [@_niklasb](https://twitter.com/_niklasb)

[Overview article](https://phoenhex.re/2018-07-27/better-slow-than-sorry).

[License](https://github.com/niklasb/3dpwn/blob/master/LICENSE)

## Exploits

See the subdirectories other than `lib`.

## Debug build

For Arch Linux, you can use the provided PKGBUILD in `archpkg` to get a debug version of
5.2.18, with the 3D security fixes from July 2018 reverted.

## Library

`lib/hgcm.py` and `lib/chromium.py` provide high-level access to the HGCM interface and
to the `VBoxSharedCrOpenGL` service, via `VBoxGuest` IOCTLs.
`chromium.py` can be used to very easily experiment with Chromium from Python
inside the guest. I used it to build a very simple, completely dumb fuzzer that
found multiple trivial crashes in minutes.
File Snapshot

```
[4.0K] /data/pocs/a8d2795a2be0ebe2190c9abd5758e305e0db8cee
├── [4.0K] archpkg
│   ├── [4.0K] 5.2.22_with_reverted_security_fixes
│   │   ├── [1.2K] 002-dri-driver-path.patch
│   │   ├── [ 872] 005-gsoap-build.patch
│   │   ├── [ 737] 006-rdesktop-vrdp-keymap-path.patch
│   │   ├── [ 698] 008-no-vboxvideo.patch
│   │   ├── [3.5K] 009-include-path.patch
│   │   ├── [ 625] 010-qt-5.11.patch
│   │   ├── [1.2K] 012-vboxsf-automount.patch
│   │   ├── [ 336] 013-assert.patch
│   │   ├── [ 573] 014-fixes.patch
│   │   ├── [ 16K] 015-revertogl.patch
│   │   ├── [ 776] 60-vboxdrv.rules
│   │   ├── [ 161] 60-vboxguest.rules
│   │   ├── [  58] build.sh
│   │   ├── [ 894] LocalConfig.kmk
│   │   ├── [ 500] mount.vboxsf
│   │   ├── [ 17K] PKGBUILD
│   │   ├── [ 378] README.md
│   │   ├── [1.2K] vboxreload
│   │   ├── [ 239] vboxservice-nox.service
│   │   ├── [ 281] vboxservice.service
│   │   ├── [ 221] vboxweb.service
│   │   ├── [ 665] virtualbox-ext-vnc.install
│   │   ├── [1.1K] virtualbox-guest-dkms.conf
│   │   ├── [ 337] virtualbox-guest-dkms.install
│   │   ├── [  15] virtualbox-guest-utils.sysusers
│   │   ├── [1.1K] virtualbox-host-dkms.conf
│   │   ├── [ 337] virtualbox-host-dkms.install
│   │   ├── [ 327] virtualbox.install
│   │   ├── [  18] virtualbox.sysusers
│   │   └── [ 289] virtualbox-vboxsf-dkms.conf
│   ├── [4.0K] 6.0.2_debug
│   │   ├── [1.2K] 002-dri-driver-path.patch
│   │   ├── [ 872] 005-gsoap-build.patch
│   │   ├── [ 665] 006-rdesktop-vrdp-keymap-path.patch
│   │   ├── [ 698] 008-no-vboxvideo.patch
│   │   ├── [3.5K] 009-include-path.patch
│   │   ├── [ 587] 011-python-3-7.patch
│   │   ├── [ 711] 012-vbglR3GuestCtrlDetectPeekGetCancelSupport.patch
│   │   ├── [ 336] 013-assert.patch
│   │   ├── [1.2K] 101-vboxsf-automount.patch
│   │   ├── [ 776] 60-vboxdrv.rules
│   │   ├── [ 161] 60-vboxguest.rules
│   │   ├── [  58] build.sh
│   │   ├── [ 997] LocalConfig.kmk
│   │   ├── [ 500] mount.vboxsf
│   │   ├── [ 16K] PKGBUILD
│   │   ├── [1.2K] vboxreload
│   │   ├── [ 239] vboxservice-nox.service
│   │   ├── [ 281] vboxservice.service
│   │   ├── [ 221] vboxweb.service
│   │   ├── [ 665] virtualbox-ext-vnc.install
│   │   ├── [1.1K] virtualbox-guest-dkms.conf
│   │   ├── [ 337] virtualbox-guest-dkms.install
│   │   ├── [  15] virtualbox-guest-utils.sysusers
│   │   ├── [1.1K] virtualbox-host-dkms.conf
│   │   ├── [ 337] virtualbox-host-dkms.install
│   │   ├── [ 327] virtualbox.install
│   │   ├── [  18] virtualbox.sysusers
│   │   └── [ 298] virtualbox-vboxsf-dkms.conf
│   └── [ 171] README.md
├── [4.0K] CVE-2018-3055+3085
│   ├── [8.8K] exploit.py
│   ├── [2.8K] README.md
│   └── [1.3K] trigger-CVE-2018-3085.py
├── [4.2K] ex.py
├── [4.0K] lib
│   ├── [2.5K] chromium.py
│   ├── [2.8K] chromium.pyc
│   ├── [ 11K] hgcm.py
│   ├── [6.4K] hgcm.pyc
│   ├── [ 20K] opcodes.py
│   └── [ 25K] opcodes.pyc
├── [1.5K] LICENSE
└── [ 810] README.md

5 directories, 71 files
```