CVE-2008-5256

Executive Summary

Informations
Name	CVE-2008-5256	First vendor Publication	2008-11-26
Vendor	Cve	Last vendor Modification	2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.4	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5256

CWE : Common Weakness Enumeration

id	Name
CWE-59	Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

Type	Description	Count
Application	Virtualox Virtualox cpe:/a:virtualox:virtualox:2.0.4 cpe:/a:virtualox:virtualox:2.0.2 cpe:/a:virtualox:virtualox:2.0.0 cpe:/a:virtualox:virtualox:1.6.6 cpe:/a:virtualox:virtualox:1.6.4 cpe:/a:virtualox:virtualox:1.6.2 cpe:/a:virtualox:virtualox:1.6.0 cpe:/a:virtualox:virtualox:1.5.6 cpe:/a:virtualox:virtualox:1.5.4 cpe:/a:virtualox:virtualox:1.5.2 cpe:/a:virtualox:virtualox:1.5.0 cpe:/a:virtualox:virtualox:1.4.0 cpe:/a:virtualox:virtualox:1.3.8 cpe:/a:virtualox:virtualox:1.3.6 cpe:/a:virtualox:virtualox:1.3.4 cpe:/a:virtualox:virtualox:1.3.2	16

Open Source Vulnerability Database (OSVDB)

id	Description
50152	Sun VirtualBox ipcdUnix.cpp AcquireDaemonLock() Function Temporary File Symli...

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/32444
CONFIRM	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149 http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%... http://www.virtualbox.org/wiki/Changelog
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2009:011
SECTRACK	http://www.securitytracker.com/id?1021384
SECUNIA	http://secunia.com/advisories/32851
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-247326-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
VUPEN	http://www.vupen.com/english/advisories/2008/3410
XF	http://xforce.iss.net/xforce/xfdb/46826

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 00:31:21	Multiple Updates

Type	Count
CPE ID(s)	16
osvdb(s)	1

Related	Severity
SUN-247326	(Medium)
MDVSA-2009:011	(Medium)

CVE-2008-5256

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU