Sun XVM VirtualBox Insecure Temporary Files Vulnerability (Linux) Network Vulnerability

Summary

This host is installed with Sun xVM VirtualBox and is prone to Insecure Temporary Files vulnerability.

Impact

Successful exploitation will let the attacker perform malicious actions with the escalated previleges. Impact Level: Application

Solution

Upgrade to the latest version 2.0.6 or above. http://www.virtualbox.org/wiki/Downloads

Insight

Error is due to insecured handling of temporary files in the 'AcquireDaemonLock' function in ipcdUnix.cpp. This allows local users to overwrite arbitrary files via a symlink attack on a '/tmp/.vbox-$USER-ipc/lock' temporary file.

Affected

Sun xVM VirutalBox version prior to 2.0.6 versions on all Linux platforms.

References

http://secunia.com/Advisories/32851
http://www.virtualbox.org/wiki/Changelog

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5256

CVSS	Base Score: 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
Apple Safari 'background' Remote Denial Of Service Vulnerability
Apache Tomcat Multiple Vulnerabilities - 02 Mar14
Adobe Reader Plugin Signature Bypass Vulnerability (Windows)
Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability

Sun xVM VirtualBox Insecure Temporary Files Vulnerability (Linux)

Take action and discover your vulnerabilities