CVE-2008-3431 - The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHO

CVE-2008-3431

Summary

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.

References

Vulnerable Configurations

cpe:2.3:a:oracle:virtualbox:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:virtualbox:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:virtualbox:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:virtualbox:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:virtualbox:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:virtualbox:1.6.2:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 16-07-2024 - 17:23)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	30481
bugtraq	20080804 CORE-2008-0716 - Sun xVM VirtualBox Privilege Escalation Vulnerability
confirm	http://virtualbox.org/wiki/Changelog
exploit-db	6218
misc	http://www.coresecurity.com/content/virtualbox-privilege-escalation-vulnerability
sectrack	1020625
secunia	31361
sreason	4107
sunalert	240095
vupen	ADV-2008-2293
xf	sun-xvmvirtualbox-privilege-escalation(44202)

Last major update

16-07-2024 - 17:23

Published

05-08-2008 - 19:41

Last modified

16-07-2024 - 17:23