Executive Summary

Informations
NameCVE-2008-5256First vendor Publication2008-11-26
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score4.4Attack RangeLocal
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score3.4AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5256

CWE : Common Weakness Enumeration

idName
CWE-59Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application16

OpenVAS Exploits

DateDescription
2009-06-05Name : Ubuntu USN-707-1 (cupsys)
File : nvt/ubuntu_707_1.nasl
2009-02-18Name : SuSE Security Summary SUSE-SR:2009:004
File : nvt/suse_sr_2009_004.nasl
2009-01-20Name : Ubuntu USN-708-1 (hplip)
File : nvt/ubuntu_708_1.nasl
2009-01-20Name : Mandrake Security Advisory MDVSA-2009:011 (virtualbox)
File : nvt/mdksa_2009_011.nasl
2008-12-10Name : Sun xVM VirtualBox Insecure Temporary Files Vulnerability (Linux)
File : nvt/secpod_virtualbox_acquiredaemonlock_vuln_lin_900408.nasl
2008-12-10Name : Sun xVM VirtualBox Insecure Temporary Files Vulnerability (Win)
File : nvt/secpod_virtualbox_acquiredaemonlock_vuln_win_900407.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
50152Sun VirtualBox ipcdUnix.cpp AcquireDaemonLock() Function Temporary File Symli...

Nessus® Vulnerability Scanner

DateDescription
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_virtualbox-090209.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-011.nasl - Type : ACT_GATHER_INFO
2009-02-13Name : The remote openSUSE host is missing a security update.
File : suse_virtualbox-5990.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/32444
CONFIRMhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149
http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%...
http://www.virtualbox.org/wiki/Changelog
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:011
SECTRACKhttp://www.securitytracker.com/id?1021384
SECUNIAhttp://secunia.com/advisories/32851
SUNALERThttp://sunsolve.sun.com/search/document.do?assetkey=1-26-247326-1
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
VUPENhttp://www.vupen.com/english/advisories/2008/3410
XFhttp://xforce.iss.net/xforce/xfdb/46826

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:47:24
  • Multiple Updates
2013-05-11 00:31:21
  • Multiple Updates