Note: This is an archival copy of Security Sun Alert 271149 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021114.1.
Article ID : 1021114.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2009-12-03
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in VirtualBox Guest Additions May Lead to Denial of Service against the Virtual Machine

Category
Security

Release Phase
Resolved

Bug Id
6889615

Product
Sun xVM VirtualBox 1.6
Sun xVM VirtualBox 2.0
Sun xVM VirtualBox 2.1
Sun xVM VirtualBox 2.2
Sun VirtualBox 3.0

Date of Resolved Release
13-Nov-2009

A security vulnerability in the optional Sun VirtualBox Guest Additions ...

1. Impact

A security vulnerability in the optional Sun VirtualBox Guest Additions may allow local unprivileged
users to exhaust the kernel memory of the guest operating system, leading to a Denial of Service
against the guest operating system running in a virtual machine.

Since the Guest Additions are installed in the guest operating system only, this vulnerability is limited
to local users of the guest operating system running in a virtual machine where the Guest Additions
have been installed. The host operating system is not affected.

Sun would like to acknowledge with thanks, Thomas Biege of SUSE Linux for bringing this issue to our attention.

This issue is also referenced in the following document:

2. Contributing Factors

This issue can occur in the following releases:

  • all Sun xVM VirtualBox Guest Additions 1.6 releases
  • Sun xVM VirtualBox Guest Additions 2.0.0, 2.0.2, 2.0.4, 2.0.6, 2.0.8, 2.0.10
  • all Sun xVM VirtualBox Guest Additions 2.1 releases
  • all Sun xVM VirtualBox Guest Additions 2.2 releases
  • Sun VirtualBox Additions 3.0.0, 3.0.2, 3.0.4, 3.0.6 and 3.0.8
VirtualBox Guest Additions are available for Linux, Windows and Solaris. 
They are shipped as an ISO9660 image with the VirtualBox product and 
are also available for download separately.

Notes:

1. Sun VirtualBox is not shipped for the Solaris SPARC Platform.
2. Virtual machines without Guest Additions are not affected.

To determine the version of Guest Additions you have installed in a particular
virtual machine, use the following command on the host (replace VMNAME with
the actual virtual machine name):

    $ VBoxManage --nologo guestproperty get VMNAME /VirtualBox/GuestAdd/Version

The output looks like the following:

    Value: 3.0.8

If the output is:

    No value set!

The above means that there is either an older release of the Guest Additions installed
or no Guest Additions are installed. In this case update the Guest Additions, to be on the safe side.

This version check works for virtual machines in any state, running or not.

On Windows hosts you may need to specify the full path to the VBoxManage executable, e.g.

   C:\> "C:\Program Files\Sun\VirtualBox\VBoxManage.exe" ...

3. Symptoms

There are no predictable symptoms to indicate that this issue has been exploited.

4. Workaround

There is no workaround for this issue. Please see the "Resolution" section below.

5. Resolution

This issue is addressed in the following release:

  • Sun xVM VirtualBox 2.0.12 (for all platforms)
  • Sun VirtualBox 3.0.10 (for all platforms)

Users of Sun xVM VirtualBox 1.6 releases should update to either Sun xVM VirtualBox 2.0.12
or Sun VirtualBox 3.0.10, both for the applications running on the host and for the Guest Additions.

Users of Sun xVM VirtualBox 2.1 and 2.2 releases should to update to Sun VirtualBox 3.0.10,
both for the applications running on the host and for the Guest Additions.

Sun VirtualBox 3.0.10 can be downloaded from the following site:
http://download.virtualbox.org/virtualbox/vboxdownload.html

Sun VirtualBox 2.0.12 can be downloaded from the following site:
http://www.virtualbox.org/wiki/Download_Old_Builds_2_0

Refer to the user manual if you are unsure how to install or update Guest Additions.
Installing the updated VirtualBox package on the host system does not change the
installed release of the Guest Additions in the virtual machines.

This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.


Modification History
04-Dec-2009: Updated Impact section for CVE reference

















Attachments
This solution has no attachment