Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3431

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-3431
Last Modified 07 Mar 2011 10:10:49
Published 05 Aug 2008 03:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-3431

Summary

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.

Vulnerable Systems

Application

  • Sun Xvm Virtualbox 1.3.2

  • Sun Xvm Virtualbox 1.3.4

  • Sun Xvm Virtualbox 1.3.6

  • Sun Xvm Virtualbox 1.3.8

  • Sun Xvm Virtualbox 1.4.0

  • Sun Xvm Virtualbox 1.5.0

  • Sun Xvm Virtualbox 1.5.2

  • Sun Xvm Virtualbox 1.5.4

  • Sun Xvm Virtualbox 1.5.6

  • Sun Xvm Virtualbox 1.6.0

  • Sun Xvm Virtualbox 1.6.2


References

XF - sun-xvmvirtualbox-privilege-escalation(44202)

VUPEN - ADV-2008-2293

BID - 30481

BUGTRAQ - 20080804 CORE-2008-0716 - Sun xVM VirtualBox Privilege Escalation Vulnerability

MILW0RM - 6218

MISC - http://www.coresecurity.com/content/virtualbox-privilege-escalation-vulnerability

CONFIRM - http://virtualbox.org/wiki/Changelog

SUNALERT - 240095

SECTRACK - 1020625

SREASON - 4107

SECUNIA - 31361


Last Updated: 27 May 2016 10:48:12