full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] [ MDVSA-2009:011 ] virtual

[Full-disclosure] [ MDVSA-2009:011 ] virtualbox

From: <security_at_nospam>
Date: Thu Jan 15 2009 - 02:29:00 GMT
To: full-disclosure@lists.grok.org.uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2009:011  http://www.mandriva.com/security/
Package : virtualbox Date : January 14, 2009 Affected: 2008.0, 2008.1, 2009.0
_______________________________________________________________________

 Problem Description:

 A vulnerability have been discovered and corrected in VirtualBox,  affecting versions prior to 2.0.6, which allows local users  to overwrite arbitrary files via a symlink attack on a  /tmp/.vbox-qateam-ipc/lock temporary file (CVE-2008-5256).  

 The updated packages have been patched to prevent this.


 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5256


 Updated Packages:

 Mandriva Linux 2008.0: 0faad982e37288846205d6d33d590ee1 2008.0/i586/dkms-vboxadd-1.5.0-6.1mdv2008.0.i586.rpm ec69afc3908bd606bae77b8422e39558 2008.0/i586/dkms-vboxvfs-1.5.0-6.1mdv2008.0.i586.rpm c27d1bd07d9dc67f4cefbdf33472acca 2008.0/i586/dkms-virtualbox-1.5.0-6.1mdv2008.0.i586.rpm 9964702ee96bcf6c6edf0c31835d20e7 2008.0/i586/virtualbox-1.5.0-6.1mdv2008.0.i586.rpm 435eb23fb1847074783ee59f21afa05d 2008.0/i586/virtualbox-guest-additions-1.5.0-6.1mdv2008.0.i586.rpm dbf4cd4d51e6690ed54a01751d7eb6e3 2008.0/i586/x11-driver-input-vboxmouse-1.5.0-6.1mdv2008.0.i586.rpm 89984e4e53d3eda593e1a384b97acd14 2008.0/i586/x11-driver-video-vboxvideo-1.5.0-6.1mdv2008.0.i586.rpm d0edb2542a83e4ab966bb9990b9c3a88 2008.0/SRPMS/virtualbox-1.5.0-6.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64: 0bfb5b9d8c8a16f1e04fd490e6379e63 2008.0/x86_64/dkms-virtualbox-1.5.0-6.1mdv2008.0.x86_64.rpm 3bc3251552c50c2ba8270a69c5f353d7 2008.0/x86_64/virtualbox-1.5.0-6.1mdv2008.0.x86_64.rpm d0edb2542a83e4ab966bb9990b9c3a88 2008.0/SRPMS/virtualbox-1.5.0-6.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1: c4e028f64685550f1b54d658cac8033c 2008.1/i586/dkms-vboxadd-1.5.6-1.1mdv2008.1.i586.rpm 0ba02b82975789a2e074562c266e3880 2008.1/i586/dkms-vboxvfs-1.5.6-1.1mdv2008.1.i586.rpm 91fb1e876d76370c40f2bc20271dcdbb 2008.1/i586/dkms-virtualbox-1.5.6-1.1mdv2008.1.i586.rpm 42dd201c14fab3dd1ff218969f88612c 2008.1/i586/virtualbox-1.5.6-1.1mdv2008.1.i586.rpm 5feeef63896de6093cdd6365258df60d 2008.1/i586/virtualbox-guest-additions-1.5.6-1.1mdv2008.1.i586.rpm 3d3fc94cb178e2a6853679f01f7f4198 2008.1/i586/x11-driver-input-vboxmouse-1.5.6-1.1mdv2008.1.i586.rpm 79b78be2abe7b3a6d8e95d547139afa4 2008.1/i586/x11-driver-video-vboxvideo-1.5.6-1.1mdv2008.1.i586.rpm 6c18b42e2ff43d79009dedc817fa19e9 2008.1/SRPMS/virtualbox-1.5.6-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64: 4d261638ff0134079fa6c52d0a368664 2008.1/x86_64/dkms-virtualbox-1.5.6-1.1mdv2008.1.x86_64.rpm 6ccec4ff2f35d1308f73e10679651ce0 2008.1/x86_64/virtualbox-1.5.6-1.1mdv2008.1.x86_64.rpm 6c18b42e2ff43d79009dedc817fa19e9 2008.1/SRPMS/virtualbox-1.5.6-1.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0: 53e13912d97abe5b7044887eab1028fd 2009.0/i586/dkms-vboxadd-2.0.2-2.1mdv2009.0.i586.rpm 9441661b095cf9c65c50c3a81f1fb89b 2009.0/i586/dkms-vboxvfs-2.0.2-2.1mdv2009.0.i586.rpm 2977fa2971f66d6b554ab73f03b80ba6 2009.0/i586/dkms-virtualbox-2.0.2-2.1mdv2009.0.i586.rpm acddf8b8a168c148f1f5e7a548a610bd 2009.0/i586/virtualbox-2.0.2-2.1mdv2009.0.i586.rpm edfc2bc624a87ab96f238345fbe38529 2009.0/i586/virtualbox-guest-additions-2.0.2-2.1mdv2009.0.i586.rpm e3650d3c5fedb2dccdc4a2e108414b95 2009.0/i586/x11-driver-input-vboxmouse-2.0.2-2.1mdv2009.0.i586.rpm 6d28714532427680f82c86fe34fee3e0 2009.0/i586/x11-driver-video-vboxvideo-2.0.2-2.1mdv2009.0.i586.rpm 93f4904d403da2dd75ca4d444d298846 2009.0/SRPMS/virtualbox-2.0.2-2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64: 667f19d7803c5eb163364ce221b367be 2009.0/x86_64/dkms-vboxadd-2.0.2-2.1mdv2009.0.x86_64.rpm e4439eb5b8a5ef7e09924989058a69b8 2009.0/x86_64/dkms-vboxvfs-2.0.2-2.1mdv2009.0.x86_64.rpm 3da3bc075de10484211b0da29a0a14cc 2009.0/x86_64/dkms-virtualbox-2.0.2-2.1mdv2009.0.x86_64.rpm 1aba902daf9019cbcf4e62e8a64d0a82 2009.0/x86_64/virtualbox-2.0.2-2.1mdv2009.0.x86_64.rpm da486be54760b618a3d84e23c3ad067e 2009.0/x86_64/virtualbox-guest-additions-2.0.2-2.1mdv2009.0.x86_64.rpm a3adf7c94132553f43dc6a0cd765bcc8 2009.0/x86_64/x11-driver-input-vboxmouse-2.0.2-2.1mdv2009.0.x86_64.rpm ca82cc1b8e6b5d85d1a7601a37367562 2009.0/x86_64/x11-driver-video-vboxvideo-2.0.2-2.1mdv2009.0.x86_64.rpm 93f4904d403da2dd75ca4d444d298846 2009.0/SRPMS/virtualbox-2.0.2-2.1mdv2009.0.src.rpm
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification  of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the  GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com


 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team   <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJbnEzmqjQ0CJFipgRAtaKAKCw/UI12LmoHfiopLbrwfYw9hpjYwCeII/w cG8DdjRcqRGXazcDy+z623M=
=XDR6
-----END PGP SIGNATURE-----



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/