There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
| # Ubuntu | |
| dmesg | |
| sudo dmesg --clear | |
| sudo cat /var/log/kern.log | grep usb | |
| sudo rm -rf /var/log/kern* | |
| #old log files | |
| sudo zcat /var/log/kern.log.2.gz | grep usb | |
| sudo cat /var/log/syslog | grep usb |
| # install dependencies | |
| sudo apt-get update | |
| sudo apt-get install -y build-essential | |
| sudo apt-get install -y cmake | |
| sudo apt-get install -y libgtk2.0-dev | |
| sudo apt-get install -y pkg-config | |
| sudo apt-get install -y python-numpy python-dev | |
| sudo apt-get install -y libavcodec-dev libavformat-dev libswscale-dev | |
| sudo apt-get install -y libjpeg-dev libpng-dev libtiff-dev libjasper-dev | |
| # --------------------------------------------------------------------------- | |
| # | |
| # Description: This file holds all my BASH configurations and aliases | |
| # | |
| # Sections: | |
| # 1. Environment Configuration | |
| # 2. Make Terminal Better (remapping defaults and adding functionality) | |
| # 3. File and Folder Management | |
| # 4. Searching | |
| # 5. Process Management |
| #!/usr/bin/python | |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected]) | |
| # The author disclaims copyright to this source code. | |
| import sys | |
| import struct | |
| import socket | |
| import time | |
| import select |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected]) | |
| # The author disclaims copyright to this source code. | |
| import sys | |
| import struct | |
| import socket | |
| import time | |
| import select | |
| import re | |
| import codecs |
