7.2 - SUN-240095

Executive Summary

Summary
Title	Sun Alert 240095 A Security Vulnerability in 'VBoxDrv.sys' driver of Sun xVM VirtualBox 1.6 may lead to Arbitrary Code Execution or Denial of Service (DoS)

Informations
Name	SUN-240095	First vendor Publication	2008-08-05
Vendor	Sun	Last vendor Modification	2008-08-05
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Sun xVM VirtualBox 1.6 (Windows version)

A security vulnerability in the 'VBoxDrv.sys' driver shipped with Sun xVM VirtualBox 1.6.0/1.6.2 may allow a local unprivileged user to execute arbitrary code on the system or cause a system panic. The ability to cause system panic is a type of Denial of Service (DoS).

Sun acknowledges with thanks, Anibal Sacco of Core Security Technologies for bringing this issue to our attention.

This issue is described in the following document:

????????????????http://www.coresecurity.com/content/virtualbox-privilege-escalation-vulnerability

State: Resolved

First released: 05-Aug-2008

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-240095-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_240095_a_security

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type	Description	Count
Application	Sun Xvm Virtualbox cpe:2.3:a:sun:xvm_virtualbox:1.6.2:::::::* cpe:2.3:a:sun:xvm_virtualbox:1.6.0:::::::* cpe:2.3:a:sun:xvm_virtualbox:1.6:::::::* cpe:2.3:a:sun:xvm_virtualbox:1.5.6:::::::* cpe:2.3:a:sun:xvm_virtualbox:1.5.4:::::::* cpe:2.3:a:sun:xvm_virtualbox:1.5.2:::::::* cpe:2.3:a:sun:xvm_virtualbox:1.5.0:::::::* cpe:2.3:a:sun:xvm_virtualbox:1.4.0:::::::* cpe:2.3:a:sun:xvm_virtualbox:1.3.8:::::::* cpe:2.3:a:sun:xvm_virtualbox:1.3.6:::::::* cpe:2.3:a:sun:xvm_virtualbox:1.3.4:::::::* cpe:2.3:a:sun:xvm_virtualbox:1.3.2:::::::* cpe:2.3:a:sun:xvm_virtualbox::2.1::::::*	13

ExploitDB Exploits

id	Description
2008-08-10	Sun xVM VirtualBox < 1.6.4 Privilege Escalation Vulnerability PoC

Open Source Vulnerability Database (OSVDB)

Id	Description
47424	Sun xVM VirtualBox VBoxDrv.sys VBoxDrvNtDeviceControl Function IOCTL Request ...

Nessus® Vulnerability Scanner

Date	Description
2008-08-05	Name : The remote Windows host has an application that is affected by a local privil... File : virtualbox_1_6_4.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	13
osvdb(s)	1
ExploitDB Exploit(s)	1
Nessus® Exploit(s)	1

	Related
7.2	CVE-2008-3431
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.2 - SUN-240095

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

ExploitDB Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU