CVE-2009-0876
Published Mar 12, 2009
Last updated 7 years ago
Overview
- Description
- Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-59
Evaluator
- Comment
- -
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "004F2896-4A98-4385-982D-D75351ABEEE6"
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F96D440E-4639-4DF2-BEB1-BAD33A7E80CA"
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C930392-136A-4C50-966E-D114C3DFB22E"
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.0.6r39760:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20D125F4-B18B-40EA-8E44-460F0F9587A0"
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5900799-F465-4071-8E84-6126357971D1"
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87877B75-41B5-4CF4-B3D1-D52EAF957675"
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.1.4r42893:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64273D51-8F7D-4E79-AF81-8A036D6A8118"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]