[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 24 Nov 2008 16:34:07 +0100
From: Ludwig Nussel <ludwig.nussel@...e.de>
To: cve@...re.org
Cc: oss-security@...ts.openwall.com
Subject: CVE Request: VirtualBox tmp file issue
Hi,
http://www.virtualbox.org/wiki/Changelog:
VirtualBox 2.0.6
- Linux/Solaris/Darwin hosts: verify permissions in /tmp/vbox-$USER-ipc
These changes match that description:
http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810&old=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%407049
VirtualBox uses /tmp/vbox-$USER-ipc to store a socket and a lock
file. The lock file is truncated after a simple open call. AFAICS
creating /tmp/vbox-$USER-ipc before the victim starts VirtualBox
could therefore be exploited to create files as the victim or
truncate files of the victim.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
