Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5256

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2008-5256
Last Modified 07 Mar 2011 10:14:15
Published 26 Nov 2008 07:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5256

Summary

The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.

Vulnerable Systems

Application

  • Virtualox 1.3.2

  • Virtualox 1.3.4

  • Virtualox 1.3.6

  • Virtualox 1.3.8

  • Virtualox 1.4.0

  • Virtualox 1.5.0

  • Virtualox 1.5.2

  • Virtualox 1.5.4

  • Virtualox 1.5.6

  • Virtualox 1.6.0

  • Virtualox 1.6.2

  • Virtualox 1.6.4

  • Virtualox 1.6.6

  • Virtualox 2.0.0

  • Virtualox 2.0.2

  • Virtualox 2.0.4


References

CONFIRM - http://www.virtualbox.org/wiki/Changelog

BID - 32444

XF - sun-virtualbox-ipcdunix-symlink(46826)

VUPEN - ADV-2008-3410

CONFIRM - http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810

SECTRACK - 1021384

MANDRIVA - MDVSA-2009:011

SUNALERT - 247326

SECUNIA - 32851

SUSE - SUSE-SR:2009:004

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149


Last Updated: 27 May 2016 10:48:46