6.9

CVE-2009-0876

Exploit
Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunXvm Virtualbox Version2.0.0
   LinuxLinux Kernel
SunXvm Virtualbox Version2.0.2
   LinuxLinux Kernel
SunXvm Virtualbox Version2.0.4
   LinuxLinux Kernel
SunXvm Virtualbox Version2.0.6r39760
   LinuxLinux Kernel
SunXvm Virtualbox Version2.1.0
   LinuxLinux Kernel
SunXvm Virtualbox Version2.1.2
   LinuxLinux Kernel
SunXvm Virtualbox Version2.1.4r42893
   LinuxLinux Kernel
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.78% 0.515
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://osvdb.org/52580
http://secunia.com/advisories/34232
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254568-1
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2009/03/15/1
http://www.openwall.com/lists/oss-security/2009/03/17/2
http://www.securityfocus.com/bid/34080
Exploit
http://www.securitytracker.com/id?1021841
http://www.virtualbox.org/ticket/3444
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2009/0674
Patch
Vendor Advisory
https://bugs.gentoo.org/show_bug.cgi?id=260331
https://exchange.xforce.ibmcloud.com/vulnerabilities/49193