[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-5256Date: (C)2008-11-26   (M)2023-12-22


The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.4
Exploit Score: 3.4
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1021384
SUNALERT-247326
BID-32444
SECUNIA-32851
ADV-2008-3410
MDVSA-2009:011
SUSE-SR:2009:004
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149
http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810
http://www.virtualbox.org/wiki/Changelog
sun-virtualbox-ipcdunix-symlink(46826)

CWE    1
CWE-59
OVAL    1
oval:org.secpod.oval:def:300851

© SecPod Technologies