Vulnerability Name:

CVE-2009-0876

Assigned:2009-02-26
Published:2009-02-26
Updated:2017-08-16
Summary:Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.
CVSS v3 Severity:8.2 High (CCN CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-59
(ALLOWS_ADMIN_ACCESS)
References:Source: SUNALERT
Type: VENDOR_ADVISORY
254568

Source: MLIST
Type: UNKNOWN
[oss-security] 20090316 CVE-2009-0876 (VirtualBox) references

Source: MLIST
Type: UNKNOWN
[oss-security] 20090317 Re: CVE-2009-0876 (VirtualBox) references

Source: BID
Type: UNKNOWN
34080

Source: SECTRACK
Type: UNKNOWN
1021841

Source: CONFIRM
Type: VENDOR_ADVISORY
http://www.virtualbox.org/ticket/3444

Source: VUPEN
Type: VENDOR_ADVISORY
ADV-2009-0674

Source: CONFIRM
Type: UNKNOWN
https://bugs.gentoo.org/show_bug.cgi?id=260331

Source: XF
Type: UNKNOWN
xvmvirtualbox-unspecified-priv-escalation(49193)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sun:xvm_virtualbox:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.6r39760:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.1.4r42893:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.1.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:sun:xvm_virtualbox:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.6r39760:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.1.4r42893:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    sun xvm virtualbox 2.0.0
    sun xvm virtualbox 2.0.2
    sun xvm virtualbox 2.0.4
    sun xvm virtualbox 2.0.6r39760
    sun xvm virtualbox 2.1.4r42893
    sun xvm virtualbox 2.1.0
    sun xvm virtualbox 2.1.2
    linux linux kernel *
    sun xvm virtualbox 2.0.0
    sun xvm virtualbox 2.1.0
    sun xvm virtualbox 2.0.2
    sun xvm virtualbox 2.0.4
    sun xvm virtualbox 2.0.6r39760
    sun xvm virtualbox 2.1.2
    sun xvm virtualbox 2.1.4r42893