Vulnerabilities > CVE-2009-3692 - Local Privilege Escalation vulnerability in Sun VirtualBox VBoxNetAdpCtl Configuration Tool
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 | |
| OS | 1 | |
| OS | 1 | |
| OS | 2 |
Exploit-Db
| description | Sun VirtualBox. CVE-2009-3692. Local exploits for multiple platform |
| id | EDB-ID:9973 |
| last seen | 2016-02-01 |
| modified | 2009-10-17 |
| published | 2009-10-17 |
| reporter | prdelka |
| source | https://www.exploit-db.com/download/9973/ |
| title | Sun VirtualBox <= 3.0.6 - Privilege Escalation |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201001-04.NASL description The remote host is affected by the vulnerability described in GLSA-201001-04 (VirtualBox: Multiple vulnerabilities) Thomas Biege of SUSE discovered multiple vulnerabilities: A shell metacharacter injection in popen() (CVE-2009-3692) and a possible buffer overflow in strncpy() in the VBoxNetAdpCtl configuration tool. An unspecified vulnerability in VirtualBox Guest Additions (CVE-2009-3940). Impact : A local, unprivileged attacker with the permission to run VirtualBox could gain root privileges. A guest OS local user could cause a Denial of Service (memory consumption) on the guest OS via unknown vectors. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 44893 published 2010-02-25 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44893 title GLSA-201001-04 : VirtualBox: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201001-04. # # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(44893); script_version("1.10"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2009-3692", "CVE-2009-3940"); script_xref(name:"GLSA", value:"201001-04"); script_name(english:"GLSA-201001-04 : VirtualBox: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201001-04 (VirtualBox: Multiple vulnerabilities) Thomas Biege of SUSE discovered multiple vulnerabilities: A shell metacharacter injection in popen() (CVE-2009-3692) and a possible buffer overflow in strncpy() in the VBoxNetAdpCtl configuration tool. An unspecified vulnerability in VirtualBox Guest Additions (CVE-2009-3940). Impact : A local, unprivileged attacker with the permission to run VirtualBox could gain root privileges. A guest OS local user could cause a Denial of Service (memory consumption) on the guest OS via unknown vectors. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201001-04" ); script_set_attribute( attribute:"solution", value: "All users of the binary version of VirtualBox should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-bin-3.0.12' All users of the Open Source version of VirtualBox should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-ose-3.0.12' All users of the binary VirtualBox Guest Additions should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-guest-additions-3.0.12' All users of the Open Source VirtualBox Guest Additions should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-ose-additions-3.0.12'" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-guest-additions"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-ose"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-ose-additions"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2010/01/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/virtualbox-guest-additions", unaffected:make_list("ge 3.0.12"), vulnerable:make_list("lt 3.0.12"))) flag++; if (qpkg_check(package:"app-emulation/virtualbox-ose-additions", unaffected:make_list("ge 3.0.12"), vulnerable:make_list("lt 3.0.12"))) flag++; if (qpkg_check(package:"app-emulation/virtualbox-bin", unaffected:make_list("ge 3.0.12"), vulnerable:make_list("lt 3.0.12"))) flag++; if (qpkg_check(package:"app-emulation/virtualbox-ose", unaffected:make_list("ge 3.0.12"), vulnerable:make_list("lt 3.0.12"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VirtualBox"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_EBEED063B32811DEB6A50030843D3802.NASL description Sun reports : A security vulnerability in the VBoxNetAdpCtl configuration tool for certain Sun VirtualBox 3.0 packages may allow local unprivileged users who are authorized to run VirtualBox to execute arbitrary commands with root privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 42060 published 2009-10-08 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42060 title FreeBSD : virtualbox -- privilege escalation (ebeed063-b328-11de-b6a5-0030843d3802) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(42060); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:40"); script_cve_id("CVE-2009-3692"); script_xref(name:"Secunia", value:"36929"); script_name(english:"FreeBSD : virtualbox -- privilege escalation (ebeed063-b328-11de-b6a5-0030843d3802)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Sun reports : A security vulnerability in the VBoxNetAdpCtl configuration tool for certain Sun VirtualBox 3.0 packages may allow local unprivileged users who are authorized to run VirtualBox to execute arbitrary commands with root privileges." ); # http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?afecee0d" ); # https://vuxml.freebsd.org/freebsd/ebeed063-b328-11de-b6a5-0030843d3802.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f6e7690b" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:virtualbox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/07"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"virtualbox<3.0.51.r22902_2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Packetstorm
| data source | https://packetstormsecurity.com/files/download/82055/prdelka-vs-SUN-virtualbox.sh.txt |
| id | PACKETSTORM:82055 |
| last seen | 2016-12-05 |
| published | 2009-10-17 |
| reporter | prdelka |
| source | https://packetstormsecurity.com/files/82055/Sun-VirtualBox-3.0.6-Local-Root.html |
| title | Sun VirtualBox 3.0.6 Local Root |
Seebug
bulletinFamily exploit description No description provided by source. id SSV:67009 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-67009 title Sun VirtualBox <= 3.0.6 - Privilege Escalation bulletinFamily exploit description No description provided by source. id SSV:14403 last seen 2017-11-19 modified 2009-10-17 published 2009-10-17 reporter Root source https://www.seebug.org/vuldb/ssvid-14403 title Sun VirtualBox <= 3.0.6 privilege escalation
References
- http://secunia.com/advisories/36929
- http://securitytracker.com/id?1022990
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1
- http://www.osvdb.org/58652
- http://www.securityfocus.com/bid/36604
- http://www.virtualbox.org/wiki/Changelog
- http://www.vupen.com/english/advisories/2009/2845
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53671