CVE-2007-6328 - DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating

CVE-2007-6328

Summary

DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem

References

http://aluigi.org/poc/dosboxxx.zip
http://securityreason.com/securityalert/3442
http://osvdb.org/44766
http://www.securityfocus.com/bid/26802
http://www.vupen.com/english/advisories/2007/4170
https://exchange.xforce.ibmcloud.com/vulnerabilities/38970
http://www.securityfocus.com/archive/1/484835/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:dosbox:dosbox:*:*:*:*:*:*:*:*
cpe:2.3:a:dosbox:dosbox:*:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 17-05-2024 - 00:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	26802
bugtraq	20071210 Filesystem access in DOSBox 0.72
misc	http://aluigi.org/poc/dosboxxx.zip
osvdb	44766
sreason	3442
vupen	ADV-2007-4170
xf	dosbox-mount-unauthorized-access(38970)

Last major update

17-05-2024 - 00:36

Published

13-12-2007 - 19:46

Last modified

17-05-2024 - 00:36