Note: This is an archival copy of Security Sun Alert 247326 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019839.1.
Date of Resolved Release
Insecure Temporary File Creation Security Vulnerability in Sun xVM VirtualBox
An insecure temporary file creation security vulnerability in Sun xVM VirtualBox may allow a local unprivileged user to create or overwrite arbitrary files, with the access privileges of the user running the VirtualBox.
Sun acknowledges with thanks, Debian for bringing this issue to our attention.
This issue is referenced in the following document:
CVE-2008-5256 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5256
2. Contributing Factors
This issue can occur in the following releases:
1. Sun xVM VirtualBox does not run on the SPARC Platform
2. Sun xVM VirtualBox packages for Windows are not affected.
To determine the version of xVM VirtualBox on a system, you can do one of the following:
In the Menu of Sun xVM VirtualBox, select Help -> About VirtualBox
From the command line, run "VBoxManage -version" in the product installation directory.
Extra files appear or existing files suddenly have different content. The file contents are very small; such as a single line containing only a number.
There is no workaround for this issue. Please see the "Resolution" section below.
This issue is addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment