Sun XVM VirtualBox Insecure Temporary Files Vulnerability (Win) Network Vulnerability

Summary

This host is installed with Sun xVM VirtualBox and is prone to Insecure Temporary Files vulnerability.

Impact

Successful exploitation will let the attacker perform malicious actions with the escalated previleges. Impact Level: Application

Solution

Upgrade to the latest version 2.0.6 or above. http://www.virtualbox.org/wiki/Downloads

Insight

Error is due to insecured handling of temporary files in the 'AcquireDaemonLock' function in ipcdUnix.cpp. This allows local users to overwrite arbitrary files via a symlink attack on a TMP/.vbox-$USER-ipc/lock temporary file.

Affected

Sun xVM VirutalBox version prior to 2.0.6 versions on all Windows platforms.

References

http://secunia.com/Advisories/32851

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5256
CVSS Base Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)
Apache /server-status accessible
Adobe Reader 'SWF' Information Disclosure Vulnerability (Windows)
Adobe Flash Player/Air Multiple Vulnerabilities -feb10 (Linux)
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Linux)

Sun xVM VirtualBox Insecure Temporary Files Vulnerability (Win)

Take action and discover your vulnerabilities