Note: This is an archival copy of Security Sun Alert 240095 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019492.1.
Sun xVM VirtualBox 1.6
Date of Resolved Release
A Security Vulnerability in 'VBoxDrv.sys' driver of Sun xVM VirtualBox 1.6 may lead to Arbitrary Code Execution or Denial of Service (DoS)
A security vulnerability in the 'VBoxDrv.sys' driver shipped with Sun xVM VirtualBox 1.6.0/1.6.2 may allow a local unprivileged user to execute arbitrary code on the system or cause a system panic. The ability to cause system panic is a type of Denial of Service (DoS).
Sun acknowledges with thanks, Anibal Sacco of Core Security Technologies for bringing this issue to our attention.
This issue is described in the following document:
2. Contributing Factors
This issue can occur on the following releases:
To determine the version of xVM VirtualBox on a Windows system, you can do one of the following:
In the Menu of Sun xVM VirtualBox, select Help -> About VirtualBox
From the command line, run "VBoxManage -version" in the product installation directory.
If the described issue occurs, the system will either panic or overwrite memory contents.
There is no workaround for this issue. Please see the "Resolution" section below.
This issue is addressed in the following release:
Sun xVM VirtualBox 1.6.4 for Windows can be downloaded from the following site:
For more information
on Security Sun Alerts, see 1009886.1.
This solution has no attachment