[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request: VirtualBox tmp file issue
From: Moritz Muehlenhoff <jmm () inutil ! org>
Date: 2008-11-24 21:20:20
Message-ID: 20081124212020.GA22752 () inutil ! org
[Download RAW message or body]
Ludwig Nussel wrote:
> http://www.virtualbox.org/wiki/Changelog:
> VirtualBox 2.0.6
> - Linux/Solaris/Darwin hosts: verify permissions in /tmp/vbox-$USER-ipc
>
> These changes match that description:
> http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2 \
> Fsrc%2FipcdUnix.cpp%4013810&old=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%407049
>
> VirtualBox uses /tmp/vbox-$USER-ipc to store a socket and a lock
> file. The lock file is truncated after a simple open call. AFAICS
> creating /tmp/vbox-$USER-ipc before the victim starts VirtualBox
> could therefore be exploited to create files as the victim or
> truncate files of the victim.
This is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149
(I already sent this to vendor-sec on the 7th, but the CVE
request seems to have fallen through the crack)
Cheers,
Moritz
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic