
  SecPod ID: 10087                                            Status: Public Report
  VirtualBox "AcquireDaemonLock()" Insecure Temporary Files   Severity: Medium
  Vulnerability                                               Release Date: 12-12-2008
                                                              CVSS Base Score: 4.4 (AV:L/AC:M/Au:NR/C:P/I:P/A:P)
                                                              CVSS Temporal Score  = 3.2
                                                              Impact Level:  Application

  Affected Software/OS/Device:
  - Sun xVM VirtualBox versions prior to 2.0.6

  OpenVAS Plugin ID: 900407, 900408
  Snort Signature ID:
  OVAL ID: 

  Vulnerability Insight:

  Overview:
  Sun xVM VirtualBox is prone to an insecure temporary files vulnerability.

  Description:
  The flaw is due to insecure handling of temporary files in the 'AcquireDaemonLock'
  function in ipcdUnix.cpp. It allows local users to overwrite arbitrary files
  via a symlink attack on the /tmp/.vbox-$USER-ipc/lock temporary file.
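
  A defensive pattern for a lock file kept in a per-user directory under a shared
  temporary directory, as an added example (not VirtualBox's code or its actual fix).
  The helper name acquire_lock_safely and the demo path are assumptions.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_NOFOLLOW, O_DIRECTORY, openat, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper: returns an fd on <dir>/lock, or -1 on any anomaly. */
int acquire_lock_safely(const char *dir)
{
    struct stat st;
    int dfd, fd;
    /* Create the directory private to us; a pre-existing one is vetted below. */
    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW refuses a symlink planted at the directory path itself. */
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    /* fstat() inspects the object actually opened, so there is no check/use race. */
    if (fstat(dfd, &st) != 0 || st.st_uid != geteuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(dfd);
        return -1;
    }
    /* Resolve "lock" inside the vetted directory; no O_TRUNC, no link following. */
    fd = openat(dfd, "lock", O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    close(dfd);
    if (fd < 0)
        return -1;
    /* Accept only a regular, singly linked file owned by us. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char base[] = "/tmp/lockdemo-XXXXXX";  /* constructed demo location */
    char dir[64];
    if (mkdtemp(base) == NULL) return 1;
    snprintf(dir, sizeof dir, "%s/ipc", base);
    return acquire_lock_safely(dir) < 0;   /* exit 0 when the lock was obtained */
}
```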

  Impact:
  Successful exploitation will let the attacker perform malicious actions
  with escalated privileges.

  CVSS Score Report:
      ACCESS_VECTOR = NETWORK
      ACCESS_COMPLEXITY = MEDIUM
      AUTHENTICATION = NOT_REQUIRED
      CONFIDENTIALITY_IMPACT = PARTIAL
      INTEGRITY_IMPACT = PARTIAL
      AVAILABILITY_IMPACT = PARTIAL
      EXPLOITABILITY = UNPROVEN
      REMEDIATION_LEVEL = OFFICIAL_FIX
      REPORT_CONFIDENCE = CONFIRMED
      CVSS Base Score = 4.4 (AV:L/AC:M/Au:NR/C:P/I:P/A:P)
      CVSS Temporal Score = 3.2
      Risk factor = Medium

  Fix:
  Upgrade to the latest version 2.0.6 or above,
  http://www.virtualbox.org/wiki/Downloads

  References: 
  http://www.virtualbox.org/wiki/Changelog
