Executive Summary
Summary | |
---|---|
Title | Sun Alert 247326 Insecure Temporary File Creation Security Vulnerability in Sun xVM VirtualBox |
Informations | |||
---|---|---|---|
Name | SUN-247326 | First vendor Publication | 2008-12-10 |
Vendor | Sun | Last vendor Modification | 2008-12-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.4 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Sun xVM VirtualBox 2.0 An insecure temporary file creation security vulnerability in Sun xVM VirtualBox may allow a local unprivileged user to create or overwrite arbitrary files, with the access privileges of the user running the VirtualBox. Sun acknowledges with thanks, Debian for bringing this issue to our attention. This issue is referenced in the following document: CVE-2008-5256 at http://www.security-database.com/detail.php?cve=CVE-2008-5256 State: Resolved First released: 10-Dec-2008 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_247326_insecure_temporary |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-06-05 | Name : Ubuntu USN-707-1 (cupsys) File : nvt/ubuntu_707_1.nasl |
2009-02-18 | Name : SuSE Security Summary SUSE-SR:2009:004 File : nvt/suse_sr_2009_004.nasl |
2009-01-20 | Name : Mandrake Security Advisory MDVSA-2009:011 (virtualbox) File : nvt/mdksa_2009_011.nasl |
2009-01-20 | Name : Ubuntu USN-708-1 (hplip) File : nvt/ubuntu_708_1.nasl |
2008-12-10 | Name : Sun xVM VirtualBox Insecure Temporary Files Vulnerability (Linux) File : nvt/secpod_virtualbox_acquiredaemonlock_vuln_lin_900408.nasl |
2008-12-10 | Name : Sun xVM VirtualBox Insecure Temporary Files Vulnerability (Win) File : nvt/secpod_virtualbox_acquiredaemonlock_vuln_win_900407.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50152 | Sun VirtualBox ipcdUnix.cpp AcquireDaemonLock() Function Temporary File Symli... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_virtualbox-090209.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-011.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote openSUSE host is missing a security update. File : suse_virtualbox-5990.nasl - Type : ACT_GATHER_INFO |