CVE-2009-0876

Published: Mar 12, 2009Modified: Apr 23, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.

Affected (7)

Products: Sun: Xvm Virtualbox

1 product

Configuration A

7 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sun Xvm Virtualbox	Version 2.0.0
Sun Xvm Virtualbox	Version 2.0.2
Sun Xvm Virtualbox	Version 2.0.4
Sun Xvm Virtualbox	Version 2.0.6r39760
Sun Xvm Virtualbox	Version 2.1.0
Sun Xvm Virtualbox	Version 2.1.2
Sun Xvm Virtualbox	Version 2.1.4r42893

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (22)

http://osvdb.org/52580

Source: cve@mitre.org

http://secunia.com/advisories/34232

Source: cve@mitre.org

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-254568-1

Source: cve@mitre.org

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2009/03/15/1

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2009/03/17/2

Source: cve@mitre.org

http://www.securityfocus.com/bid/34080

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id?1021841

Source: cve@mitre.org

http://www.virtualbox.org/ticket/3444

Source: cve@mitre.org

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/0674

Source: cve@mitre.org

PatchVendor Advisory

https://bugs.gentoo.org/show_bug.cgi?id=260331

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/49193

Source: cve@mitre.org

http://osvdb.org/52580

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34232

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-254568-1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2009/03/15/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2009/03/17/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34080

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1021841

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.virtualbox.org/ticket/3444

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/0674

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://bugs.gentoo.org/show_bug.cgi?id=260331

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/49193

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.