what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-011

Mandriva Linux Security Advisory 2009-011
Posted Jan 15, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-011 - A vulnerability have been discovered and corrected in VirtualBox, affecting versions prior to 2.0.6, which allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-qateam-ipc/lock temporary file. The updated packages have been patched to prevent this.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2008-5256
SHA-256 | d2d6936c188c338246b4bea6f20048c6dee6fee5ea3820c5693c61cd3d829268
Download | Favorite | View

Mandriva Linux Security Advisory 2009-011

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:011
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : virtualbox
 Date    : January 14, 2009
 Affected: 2008.0, 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability have been discovered and corrected in VirtualBox,
 affecting versions prior to 2.0.6, which allows local users
 to overwrite arbitrary files via a symlink attack on a
 /tmp/.vbox-qateam-ipc/lock temporary file (CVE-2008-5256).
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5256
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 0faad982e37288846205d6d33d590ee1  2008.0/i586/dkms-vboxadd-1.5.0-6.1mdv2008.0.i586.rpm
 ec69afc3908bd606bae77b8422e39558  2008.0/i586/dkms-vboxvfs-1.5.0-6.1mdv2008.0.i586.rpm
 c27d1bd07d9dc67f4cefbdf33472acca  2008.0/i586/dkms-virtualbox-1.5.0-6.1mdv2008.0.i586.rpm
 9964702ee96bcf6c6edf0c31835d20e7  2008.0/i586/virtualbox-1.5.0-6.1mdv2008.0.i586.rpm
 435eb23fb1847074783ee59f21afa05d  2008.0/i586/virtualbox-guest-additions-1.5.0-6.1mdv2008.0.i586.rpm
 dbf4cd4d51e6690ed54a01751d7eb6e3  2008.0/i586/x11-driver-input-vboxmouse-1.5.0-6.1mdv2008.0.i586.rpm
 89984e4e53d3eda593e1a384b97acd14  2008.0/i586/x11-driver-video-vboxvideo-1.5.0-6.1mdv2008.0.i586.rpm 
 d0edb2542a83e4ab966bb9990b9c3a88  2008.0/SRPMS/virtualbox-1.5.0-6.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 0bfb5b9d8c8a16f1e04fd490e6379e63  2008.0/x86_64/dkms-virtualbox-1.5.0-6.1mdv2008.0.x86_64.rpm
 3bc3251552c50c2ba8270a69c5f353d7  2008.0/x86_64/virtualbox-1.5.0-6.1mdv2008.0.x86_64.rpm 
 d0edb2542a83e4ab966bb9990b9c3a88  2008.0/SRPMS/virtualbox-1.5.0-6.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 c4e028f64685550f1b54d658cac8033c  2008.1/i586/dkms-vboxadd-1.5.6-1.1mdv2008.1.i586.rpm
 0ba02b82975789a2e074562c266e3880  2008.1/i586/dkms-vboxvfs-1.5.6-1.1mdv2008.1.i586.rpm
 91fb1e876d76370c40f2bc20271dcdbb  2008.1/i586/dkms-virtualbox-1.5.6-1.1mdv2008.1.i586.rpm
 42dd201c14fab3dd1ff218969f88612c  2008.1/i586/virtualbox-1.5.6-1.1mdv2008.1.i586.rpm
 5feeef63896de6093cdd6365258df60d  2008.1/i586/virtualbox-guest-additions-1.5.6-1.1mdv2008.1.i586.rpm
 3d3fc94cb178e2a6853679f01f7f4198  2008.1/i586/x11-driver-input-vboxmouse-1.5.6-1.1mdv2008.1.i586.rpm
 79b78be2abe7b3a6d8e95d547139afa4  2008.1/i586/x11-driver-video-vboxvideo-1.5.6-1.1mdv2008.1.i586.rpm 
 6c18b42e2ff43d79009dedc817fa19e9  2008.1/SRPMS/virtualbox-1.5.6-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 4d261638ff0134079fa6c52d0a368664  2008.1/x86_64/dkms-virtualbox-1.5.6-1.1mdv2008.1.x86_64.rpm
 6ccec4ff2f35d1308f73e10679651ce0  2008.1/x86_64/virtualbox-1.5.6-1.1mdv2008.1.x86_64.rpm 
 6c18b42e2ff43d79009dedc817fa19e9  2008.1/SRPMS/virtualbox-1.5.6-1.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 53e13912d97abe5b7044887eab1028fd  2009.0/i586/dkms-vboxadd-2.0.2-2.1mdv2009.0.i586.rpm
 9441661b095cf9c65c50c3a81f1fb89b  2009.0/i586/dkms-vboxvfs-2.0.2-2.1mdv2009.0.i586.rpm
 2977fa2971f66d6b554ab73f03b80ba6  2009.0/i586/dkms-virtualbox-2.0.2-2.1mdv2009.0.i586.rpm
 acddf8b8a168c148f1f5e7a548a610bd  2009.0/i586/virtualbox-2.0.2-2.1mdv2009.0.i586.rpm
 edfc2bc624a87ab96f238345fbe38529  2009.0/i586/virtualbox-guest-additions-2.0.2-2.1mdv2009.0.i586.rpm
 e3650d3c5fedb2dccdc4a2e108414b95  2009.0/i586/x11-driver-input-vboxmouse-2.0.2-2.1mdv2009.0.i586.rpm
 6d28714532427680f82c86fe34fee3e0  2009.0/i586/x11-driver-video-vboxvideo-2.0.2-2.1mdv2009.0.i586.rpm 
 93f4904d403da2dd75ca4d444d298846  2009.0/SRPMS/virtualbox-2.0.2-2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 667f19d7803c5eb163364ce221b367be  2009.0/x86_64/dkms-vboxadd-2.0.2-2.1mdv2009.0.x86_64.rpm
 e4439eb5b8a5ef7e09924989058a69b8  2009.0/x86_64/dkms-vboxvfs-2.0.2-2.1mdv2009.0.x86_64.rpm
 3da3bc075de10484211b0da29a0a14cc  2009.0/x86_64/dkms-virtualbox-2.0.2-2.1mdv2009.0.x86_64.rpm
 1aba902daf9019cbcf4e62e8a64d0a82  2009.0/x86_64/virtualbox-2.0.2-2.1mdv2009.0.x86_64.rpm
 da486be54760b618a3d84e23c3ad067e  2009.0/x86_64/virtualbox-guest-additions-2.0.2-2.1mdv2009.0.x86_64.rpm
 a3adf7c94132553f43dc6a0cd765bcc8  2009.0/x86_64/x11-driver-input-vboxmouse-2.0.2-2.1mdv2009.0.x86_64.rpm
 ca82cc1b8e6b5d85d1a7601a37367562  2009.0/x86_64/x11-driver-video-vboxvideo-2.0.2-2.1mdv2009.0.x86_64.rpm 
 93f4904d403da2dd75ca4d444d298846  2009.0/SRPMS/virtualbox-2.0.2-2.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJbnEzmqjQ0CJFipgRAtaKAKCw/UI12LmoHfiopLbrwfYw9hpjYwCeII/w
cG8DdjRcqRGXazcDy+z623M=
=XDR6
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close