Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score:Legacy ID
30 Jun 2015 Closed High CVSS v2: 8.3 SA97
The Malware Analysis Appliance (MAA) is vulnerable to a virtual machine escape where a sample being analyzed could change content and destination path of files being saved on the host’s file system during analysis. Correct manipulation of the path and content could lead to code execution or denial of service on the MAA host.
The Malware Analysis Appliance (MAA) executes binaries submitted for analysis inside a virtual machine (VM). During analysis, artifacts in the form of files are retrieved from the VM by the host and are written to the host's file system. A binary running in the VM can craft malicious content and specify where it is stored within the host file system.
A sample that has been loaded into MAA can, as a lower privileged user, use this vulnerability to create and overwrite certain files. This could allow an attacker to cause a reboot or a reset to factory defaults. In specialized circumstances, the attacker could execute code as a lower privileged user.
Thank you to Jurriaan Bremer for reporting the vulnerability.
2015-10-02 Changed status to final
2015-07-13 Title Update
2015-06-30 Initial public release
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.