
VirtualBox

CORE-2008-0716 - Sun xVM VirtualBox Privilege Escalation Vulnerability


      Core Security Technologies - CoreLabs Advisory
           http://www.coresecurity.com/corelabs/

  Sun xVM VirtualBox Privilege Escalation Vulnerability


*Advisory Information*

Title: Sun xVM VirtualBox Privilege Escalation Vulnerability

[ GLSA 201001-04 ] VirtualBox: Multiple vulnerabilities

    -------------------------------------------------------------------
     Package                     /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  virtualbox-bin                  < 3.0.12                >= 3.0.12
  2  virtualbox-ose                  < 3.0.12                >= 3.0.12
  3  virtualbox-guest-additions      < 3.0.12                >= 3.0.12
  4  virtualbox-ose-additions        < 3.0.12                >= 3.0.12
    -------------------------------------------------------------------
     4 affected packages on all of their supported architectures.
    -------------------------------------------------------------------


[ MDVSA-2010:059 ] virtualbox

 Problem Description:

 A vulnerability has been found and corrected in virtualbox:
 
 Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox
 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun
 VirtualBox before 3.0.10, allows guest OS users to cause a denial
 of service (memory consumption) on the guest OS via unknown vectors
 (CVE-2009-3940).
 

[ MDVSA-2009:011 ] virtualbox

 Mandriva Linux 2008.0:

 Mandriva Linux 2008.0/X86_64:

[ MDVSA-2010:034-1 ] kernel

 
   http://www.mandriva.com/en/security/kernelupdate

 Update:

 The virtualbox DKMS modules were not provided with MDVSA-2010:034
 for the Enterprise 5 product. This advisory provides the missing
 virtualbox packages.
 _______________________________________________________________________

 References:

[CORELAN-10-004] TurboFTP Server 1.00.712 remote DoS

# Bug found by  : corelanc0d3r (corelanc0d3r[at]gmail{dot}com)
# Software Link : http://www.tbsoftinc.com/download/tbftpsrv.exe
# Version       : 1.00.712
# Issue fixed in: 1.00.720
# OS            : Windows
# Tested on     : XP SP3 En (VirtualBox)
# Type of vuln  : DoS
# Greetz to     : Corelan Security Team::EdiStrosar/Ricks2600/MarkoT/mr_me/ekse
#
# Script provided 'as is', without any warranty.
# Use for educational purposes only.


