Vulnerability Name:

CVE-2008-3431 (CCN-44202)

Assigned: 2008-08-04
Published: 2008-08-04
Updated: 2018-10-11
Summary: The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2008-3431

Source: CCN
Type: SA31361
Sun xVM VirtualBox "VBoxDrv.sys" IOCTL Privilege Escalation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
31361

Source: SREASON
Type: UNKNOWN
4107

Source: CCN
Type: SECTRACK ID: 1020625
Sun xVM VirtualBox Lets Local Users Gain Full Privileges

Source: SECTRACK
Type: UNKNOWN
1020625

Source: CCN
Type: Sun Alert ID: 240095
A Security Vulnerability in 'VBoxDrv.sys' driver of Sun xVM VirtualBox 1.6 may lead to Arbitrary Code Execution or Denial of Service (DoS)

Source: SUNALERT
Type: UNKNOWN
240095

Source: CONFIRM
Type: UNKNOWN
http://virtualbox.org/wiki/Changelog

Source: CCN
Type: CORE-2008-0716
Sun xVM VirtualBox Privilege Escalation Vulnerability

Source: MISC
Type: UNKNOWN
http://www.coresecurity.com/content/virtualbox-privilege-escalation-vulnerability

Source: CCN
Type: OSVDB ID: 47424
Sun xVM VirtualBox VBoxDrv.sys VBoxDrvNtDeviceControl Function IOCTL Request Local Privilege Escalation

Source: BUGTRAQ
Type: UNKNOWN
20080804 CORE-2008-0716 - Sun xVM VirtualBox Privilege Escalation Vulnerability

Source: BID
Type: Exploit
30481

Source: CCN
Type: BID-30481
Sun xVM VirtualBox 'VBoxDrv.sys' Local Privilege Escalation Vulnerability

Source: CCN
Type: Sun Web site
Sun xVM

Source: VUPEN
Type: UNKNOWN
ADV-2008-2293

Source: XF
Type: UNKNOWN
sun-xvmvirtualbox-privilege-escalation(44202)

Source: CCN
Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY
KNOWN EXPLOITED VULNERABILITIES CATALOG

Source: EXPLOIT-DB
Type: UNKNOWN
6218

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sun:xvm_virtualbox:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:*:*:*:*:*:*:*:* (Version <= 1.6.2)

Configuration CCN 1:
  • cpe:/a:sun:xvm_virtualbox:1.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.6.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    sun xvm virtualbox 1.3.2
    sun xvm virtualbox 1.3.4
    sun xvm virtualbox 1.3.6
    sun xvm virtualbox 1.3.8
    sun xvm virtualbox 1.4.0
    sun xvm virtualbox 1.5.0
    sun xvm virtualbox 1.5.2
    sun xvm virtualbox 1.5.4
    sun xvm virtualbox 1.5.6
    sun xvm virtualbox 1.6.0
    sun xvm virtualbox *
    sun xvm virtualbox 1.6.0
    sun xvm virtualbox 1.6.2