Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2009-03-12 08:20
Updated : 2017-08-16 18:30
NVD link : CVE-2009-0876
Mitre link : CVE-2009-0876
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Products Affected
sun
- xvm_virtualbox
linux
- linux_kernel