CVE-2008-3431

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sun:xvm_virtualbox:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:xvm_virtualbox:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:sun:xvm_virtualbox:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:xvm_virtualbox:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:sun:xvm_virtualbox:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:xvm_virtualbox:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:sun:xvm_virtualbox:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:xvm_virtualbox:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:xvm_virtualbox:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:sun:xvm_virtualbox:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:sun:xvm_virtualbox:*:*:*:*:*:*:*:*

Information

Published : 2008-08-05 12:41

Updated : 2018-10-11 13:48


NVD link : CVE-2008-3431

Mitre link : CVE-2008-3431


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

sun

  • xvm_virtualbox