Note: This is an archival copy of Security Sun Alert 268188 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020966.1.
Date of Resolved Release
Security Vulnerability in the VBoxNetAdpCtl Configuration Tool for Sun VirtualBox May Lead to Escalation of Privileges
A security vulnerability in the VBoxNetAdpCtl configuration tool for certain Sun VirtualBox 3.0 packages may allow local unprivileged users who are authorized to run VirtualBox to execute arbitrary commands with root privileges.
Sun would like to acknowledge with thanks, Thomas Biege of SUSE Linux for bringing this issue to our attention.
This issue is also referenced in the following document:
2. Contributing Factors
This issue can occur in the following releases:
Solaris x86 Platform
1. Sun VirtualBox is not shipped for the Solaris SPARC Platform.
2. This issue does not affect the Windows platform.
3. This issue does not affect releases of VirtualBox prior to 3.0.0
To determine the version of Sun VirtualBox, one of the following steps may be used:
1. In the Sun VirtualBox GUI, select:
Help -> About VirtualBox
2. From the command line, run the following command:
$ VBoxManage -version3. Symptoms
There are no predictable symptoms to indicate this issue has been exploited to gain elevated privileges.
There is no workaround for this issue. Please see the "Resolution" section below.
This issue is addressed in the following release:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
04-Dec-2009: Updated Impact for CVE reference
This solution has no attachment