TECHNICAL BULLETIN
| PROBLEM: | Sun VirtualBox is prone to a local privilege-escalation vulnerability. |
| PLATFORM: | Sun Solaris x86; Sun VirtualBox 3.0.0 Mac OSX, Sun VirtualBox 3.0.0 Linux, Sun VirtualBox 3.0.0 Solaris x86; Sun VirtualBox 3.0.2 Linux, Sun VirtualBox 3.0.2 Solaris x86, Sun VirtualBox 3.0.2 Mac OSX; Sun VirtualBox 3.0.4 Mac OSX, Sun VirtualBox 3.0.4 Solaris x86, Sun VirtualBox 3.0.4 Linux; Sun VirtualBox 3.0.6 Mac OSX, Sun VirtualBox 3.0.6 Solaris x86, Sun VirtualBox 3.0.6 Linux |
| ABSTRACT: | A security vulnerability in the VBoxNetAdpCtl configuration tool for certain Sun VirtualBox 3.0 packages may allow local unprivileged users who are authorized to run VirtualBox to execute arbitrary commands with root privileges. |
| LINKS: | |
| DOE-CIRC BULLETIN: | http://www.doecirc.energy.gov/bulletins/t-249.shtml |
| OTHER LINKS: | Security Focus: http://www.securityfocus.com/bid/36604/info ; X-Force: http://xforce.iss.net/xforce/xfdb/53671 |
| CVE: | CVE-2009-3692 |
| IMPACT ASSESSMENT: | This risk is medium. A local attacker can exploit this vulnerability to run arbitrary code with superuser privileges. |
[***** Start CVE-2009-3692 *****]

Discussion:

A security vulnerability in the VBoxNetAdpCtl configuration tool for certain Sun VirtualBox 3.0 packages may allow local unprivileged users who are authorized to run VirtualBox to execute arbitrary commands with root privileges.

This issue can occur in the following releases:

Solaris x86 Platform
  Sun VirtualBox 3.0.0, 3.0.2, 3.0.4 and 3.0.6
Linux Platform
  Sun VirtualBox 3.0.0, 3.0.2, 3.0.4 and 3.0.6
Mac OSX Platform
  Sun VirtualBox 3.0.0, 3.0.2, 3.0.4 and 3.0.6

Notes:
1. Sun VirtualBox is not shipped for the Solaris SPARC Platform.
2. This issue does not affect the Windows platform.
3. This issue does not affect releases of VirtualBox prior to 3.0.0.

To determine the version of Sun VirtualBox, one of the following steps may be used:
1. In the Sun VirtualBox GUI, select: Help -> About VirtualBox
OR
2. From the command line, run the following command:
   $ VBoxManage -version

Solution:

This issue is addressed in the following release:
Sun VirtualBox 3.0.8 (for all platforms)

Sun VirtualBox packages can be downloaded from the following site:
http://download.virtualbox.org/virtualbox/vboxdownload.html

[***** End CVE-2009-3692 *****]
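The following POSIX shell script is an added example, not part of the DOE-CIRC bulletin or of Sun's advisory. It turns the affected-release list above (the 3.0.0 through 3.0.6 line on Solaris x86, Linux and Mac OS X; Windows and pre-3.0 releases out of scope; 3.0.8 fixed) into an inventory check an administrator can run on each host. The function names, the treatment of `uname -s` values, and the assumption that VBoxManage prints its version with a trailing `r<revision>` suffix (for example `3.0.6r52128`) are all assumptions of this example rather than facts stated in the bulletin.

```shell
#!/bin/sh
# Added example (not the bulletin's own code): classify a Sun VirtualBox
# install against CVE-2009-3692 using the affected-release list in the
# bulletin: 3.0.0 <= version < 3.0.8 on Solaris x86, Linux or Mac OS X.

# vbox_version_affected VERSION
#   returns 0 if VERSION is in the affected 3.0.0..3.0.7 range,
#           1 if it is a parsable version outside that range,
#           2 if VERSION cannot be parsed as x.y.z.
vbox_version_affected() {
    # ASSUMPTION: VBoxManage prints e.g. "3.0.6r52128"; strip any
    # "r<revision>" or "_<tag>" suffix before splitting on dots.
    v=$(printf '%s' "$1" | sed 's/[rR_].*$//')
    major=$(printf '%s' "$v" | cut -d. -f1)
    minor=$(printf '%s' "$v" | cut -d. -f2)
    patch=$(printf '%s' "$v" | cut -d. -f3)
    for n in "$major" "$minor" "$patch"; do
        case "$n" in
            ''|*[!0-9]*) return 2 ;;   # empty or non-numeric component
        esac
    done
    # Only the 3.0.x line is affected, and 3.0.8 carries the fix.
    [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -lt 8 ]
}

# vbox_platform_affected UNAME_S
#   returns 0 for the platforms named in the bulletin, 1 otherwise.
#   The mapping of uname -s values is this example's assumption.
vbox_platform_affected() {
    case "$1" in
        Linux|SunOS|Darwin) return 0 ;;   # Linux, Solaris x86, Mac OS X
        *) return 1 ;;                    # Windows (CYGWIN_NT, MINGW*) and others
    esac
}

# cve_2009_3692_status VERSION UNAME_S
#   prints a one-line verdict; returns 0 only when the host is affected.
cve_2009_3692_status() {
    if ! vbox_platform_affected "$2"; then
        echo "not affected: platform $2 is outside the advisory's scope"
        return 1
    fi
    vbox_version_affected "$1"
    case $? in
        0) echo "AFFECTED: Sun VirtualBox $1 on $2; upgrade to 3.0.8 or later"
           return 0 ;;
        1) echo "not affected: Sun VirtualBox $1 is outside 3.0.0-3.0.6"
           return 1 ;;
        *) echo "unknown: could not parse version string '$1'"
           return 1 ;;
    esac
}

# Live check, only when VBoxManage is installed on this host.
if command -v VBoxManage >/dev/null 2>&1; then
    cve_2009_3692_status "$(VBoxManage -version 2>/dev/null)" "$(uname -s)"
fi
```

Run it as-is on a host with VirtualBox installed, or source it and call `cve_2009_3692_status` with a version string collected from an inventory tool. An unparsable version string is reported as unknown rather than as clean, so a broken collection step does not silently pass a host.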
Voice: 866-941-2472
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov