Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3793
HistoryAug 06, 2008 - 12:00 a.m.

Sun xVM VirtualBox 'VBoxDrv.sys'本地特权提升漏洞

2008-08-0600:00:00
Root
www.seebug.org
93

EPSS

0.002

Percentile

57.8%

JSON

BUGTRAQ ID: 30481
CVE ID:CVE-2008-3431
CNCVE ID:CNCVE-20083431

Sun xVM VirtualBox是一款功能强大的虚拟机程序。
Sun xVM VirtualBox存在设计错误,本地攻击者可以利用漏洞提升特权。
当处理部分IOCTLs时VBoxDrv.sys驱动中存在错误,可导致在受影响宿主上以内核进程权限执行任意指令。
当VirtualBox安装在主机上时将装载VBoxDrv.sys驱动,驱动允许非特权用户打开设备\.\VBoxDrv,并在没有任何验证的情况下使用METHOD_NEITHER缓冲模式提交IOCTLs。这允许不可信用户模式代码传递任意内核地址作为参数给驱动处理。构建特殊的输入,恶意用户可以以内核进程权限执行任意指令。

Sun xVM VirtualBox 1.6.2
Sun xVM VirtualBox 1.6
可升级到Sun xVM VirtualBox 1.6.4:
<a href=“http://virtualbox.org/wiki/Changelog” target=“_blank”>http://virtualbox.org/wiki/Changelog</a>

Related

prion 1
securityvulns 2
packetstorm 1
ubuntucve 1
nessus 1
openvas 1
cisa_kev 1
carbonblack 1
seebug 2
exploitpack 1
cvelist 1
attackerkb 1
exploitdb 1
nvd 1
zdt 1
cve 1
threatpost 2
securelist 1
mssecure 2
mmpc 1
rapid7blog 1
prion
prion
Design/Logic Flaw
2008-08-05 19:41:00
securityvulns
securityvulns
CORE-2008-0716 - Sun xVM VirtualBox Privilege Escalation Vulnerability
2008-08-07 00:00:00
Sun xVM privilege escalation
2008-08-07 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2008.0716
2008-08-04 00:00:00
ubuntucve
ubuntucve
CVE-2008-3431
2008-08-05 00:00:00
nessus
nessus
Sun xVM VirtualBox < 1.6.4 Local Privilege Escalation
2008-08-05 00:00:00
openvas
openvas
Sun xVM VirtualBox Privilege Escalation Vulnerability - Windows
2023-03-29 00:00:00
cisa_kev
cisa_kev
Oracle VirtualBox Insufficient Input Validation Vulnerability
2022-03-03 00:00:00
carbonblack
carbonblack
Threat Analysis Unit (TAU) Technical Report: The Prospect of Iranian Cyber Retaliation
2020-01-21 18:41:46
seebug
seebug
Sun xVM VirtualBox &lt; 1.6.4 Privilege Escalation Vulnerability PoC
2008-08-11 00:00:00
Sun xVM VirtualBox < 1.6.4 Privilege Escalation Vulnerability PoC
2014-07-01 00:00:00
exploitpack
exploitpack
Sun xVM VirtualBox 1.6.4 - Privilege Escalation (PoC)
2008-08-10 00:00:00
cvelist
cvelist
CVE-2008-3431
2008-08-05 19:20:00
attackerkb
attackerkb
CVE-2008-3431
2008-08-05 00:00:00
exploitdb
exploitdb
Sun xVM VirtualBox &lt; 1.6.4 - Privilege Escalation (PoC)
2008-08-10 00:00:00
nvd
nvd
CVE-2008-3431
2008-08-05 19:41:00
zdt
zdt
Sun xVM VirtualBox < 1.6.4 Privilege Escalation Vulnerability PoC
2008-08-10 00:00:00
cve
cve
CVE-2008-3431
2008-08-05 19:41:00
threatpost
threatpost
AcidBox Malware Uncovered Using Repurposed VirtualBox Exploit
2020-06-17 22:12:04
BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver
2020-02-10 21:07:34
securelist
securelist
APT trends report Q2 2020
2020-07-29 10:00:09
mssecure
mssecure
Secured-core PCs: A brief showcase of chip-to-cloud security against kernel attacks
2020-03-17 16:00:49
Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center
2021-12-08 17:00:58
mmpc
mmpc
Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center
2021-12-08 17:00:58
rapid7blog
rapid7blog
Driver-Based Attacks: Past and Present
2021-12-13 14:00:00

EPSS

0.002

Percentile

57.8%

JSON
Related for SSV:3793
prion1securityvulns2packetstorm1ubuntucve1nessus1openvas1cisa_kev1carbonblack1seebug2exploitpack1cvelist1attackerkb1exploitdb1nvd1zdt1cve1threatpost2securelist1mssecure2mmpc1rapid7blog1