Detections
Analytics
Mandriva Linux Security Advisory : virtualbox (MDVSA-2009:011)
medium Nessus Plugin ID 37915
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
A vulnerability have been discovered and corrected in VirtualBox, affecting versions prior to 2.0.6, which allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-qateam-ipc/lock temporary file (CVE-2008-5256).The updated packages have been patched to prevent this.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 37915
File Name: mandriva_MDVSA-2009-011.nasl
Version: 1.13
Type: local
Family: Mandriva Local Security Checks
Published: 4/23/2009
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 4.4
Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:dkms-vboxadd, p-cpe:/a:mandriva:linux:dkms-vboxvfs, p-cpe:/a:mandriva:linux:dkms-virtualbox, p-cpe:/a:mandriva:linux:virtualbox, p-cpe:/a:mandriva:linux:virtualbox-guest-additions, p-cpe:/a:mandriva:linux:x11-driver-input-vboxmouse, p-cpe:/a:mandriva:linux:x11-driver-video-vboxvideo, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2008.1, cpe:/o:mandriva:linux:2009.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 1/14/2009
Reference Information
CVE: CVE-2008-5256
CWE: 59
MDVSA: 2009:011