vbox3 Privilege State Error Lets Local Users Execute TCL Scripts With Root Privileges
SecurityTracker Alert ID: 1008650
CVE Reference: CAN-2004-0015
Date: Jan 8 2004
Impact: Execution of arbitrary code via local system, Root access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 0.1.7 and prior versions
Description: A vulnerability was reported in vbox3. A local user can gain root privileges on the target system.
In October 2003, it was reported that 'vboxgetty/voice.c' does not properly drop root privileges before running a user-controlled
TCL script. A local user can reportedly execute arbitrary scripts with root privileges to gain root access on the system.
Impact: A local user can execute scripts with root privileges.
Solution: The vendor has released a fixed version, available at:
http://smarden.org/pape/vbox3/install.html
The vendor's notice is available at:
http://listserv.isdn4linux.de/pipermail/isdn4linux/2003-October/000114.html
Vendor URL: smarden.org/pape/vbox3/
Cause: Access control error, State error
Underlying OS: Linux (Any), UNIX (Any)
Source Message Contents
Date: Thu, 08 Jan 2004 02:42:37 -0500
Subject: vbox3
CVE: CAN-2004-0015
Changelog:
> vbox3 (0.1.8) unstable; urgency=high
>
> * vboxgetty/voice.c: bug: permissions were not dropped accurately before
> running user-controlled tclscript; a user was able to gain root
> permissions through the tclscript. fix: fork(), setgid(), setsid() before
> running tclscript, and let main process wait for child.
A local user can reportedly execute arbitrary code with root privileges.
A fixed version is available at:
http://smarden.org/pape/vbox3/install.html
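
The pattern the changelog describes (fork, drop privileges in the child, run the script there, parent waits), as an added C example that is not vbox3's code. The helper name run_script_as and the exit codes 126/127 are assumptions; the setgroups() and setuid() calls and the return-value checks go beyond the calls the changelog lists.

```c
#define _DEFAULT_SOURCE          /* setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not vbox3 code): run `path` as uid/gid in a child.
 * Returns the child's exit status, 126 if privileges could not be dropped,
 * 127 if exec failed, -1 on fork/wait error. */
int run_script_as(uid_t uid, gid_t gid, const char *path, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: new session, then drop in the order groups -> gid -> uid.
         * Dropping the uid first would remove the right to change groups. */
        if (setsid() < 0)
            _exit(126);
        /* Only root may call setgroups(); clear root's supplementary groups. */
        if (geteuid() == 0 && setgroups(1, &gid) != 0)
            _exit(126);
        if (setgid(gid) != 0 || setuid(uid) != 0)
            _exit(126);
        /* The drop must be permanent: regaining root has to fail. */
        if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
            _exit(126);
        if (getuid() != uid || geteuid() != uid ||
            getgid() != gid || getegid() != gid)
            _exit(126);
        execv(path, argv);       /* the user-controlled script runs here */
        _exit(127);              /* only reached if exec failed */
    }
    /* Parent keeps its privileges and only waits for the child. */
    int status;
    pid_t r;
    do { r = waitpid(pid, &status, 0); } while (r < 0 && errno == EINTR);
    if (r < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed demo: run "id" as the caller's own uid/gid. */
    char *argv[] = {"sh", "-c", "id", NULL};
    return run_script_as(getuid(), getgid(), "/bin/sh", argv);
}
```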