Summary
This host is installed with Sun xVM VirtualBox and is prone to Insecure Temporary Files vulnerability.
Impact
Successful exploitation will let the attacker perform malicious actions with the escalated previleges.
Impact Level: Application
Solution
Upgrade to the latest version 2.0.6 or above.
http://www.virtualbox.org/wiki/Downloads
Insight
Error is due to insecured handling of temporary files in the 'AcquireDaemonLock' function in ipcdUnix.cpp. This allows local users to overwrite arbitrary files via a symlink attack on a '/tmp/.vbox-$USER-ipc/lock' temporary file.
Affected
Sun xVM VirutalBox version prior to 2.0.6 versions on all Linux platforms.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-5256 -
CVSS Base Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Mac OS X)
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
- Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
- Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
- Adobe Reader Multiple Vulnerabilities - Aug07 (Mac OS X)