Vulnerabilites related to sun - virtualbox
cve-2009-3940
Vulnerability from cvelistv5
Published
2009-11-16 19:00
Modified
2024-08-07 06:45
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-271149-1 | vendor-advisory, x_refsource_SUNALERT | |
| http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/38420 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "271149",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-271149-1"
},
{
"name": "SUSE-SR:2010:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html"
},
{
"name": "38420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38420"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-04T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "271149",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-271149-1"
},
{
"name": "SUSE-SR:2010:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html"
},
{
"name": "38420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38420"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "271149",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-271149-1"
},
{
"name": "SUSE-SR:2010:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html"
},
{
"name": "38420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38420"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3940",
"datePublished": "2009-11-16T19:00:00",
"dateReserved": "2009-11-16T00:00:00",
"dateUpdated": "2024-08-07T06:45:50.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3692
Vulnerability from cvelistv5
Published
2009-10-13 10:00
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.virtualbox.org/wiki/Changelog | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/2845 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36604 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/58652 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1022990 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/36929 | third-party-advisory, x_refsource_SECUNIA | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1 | vendor-advisory, x_refsource_SUNALERT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53671 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.virtualbox.org/wiki/Changelog"
},
{
"name": "ADV-2009-2845",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2845"
},
{
"name": "36604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36604"
},
{
"name": "58652",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/58652"
},
{
"name": "1022990",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022990"
},
{
"name": "36929",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36929"
},
{
"name": "268188",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
},
{
"name": "virtualbox-vboxnetadpctl-priv-escalation(53671)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.virtualbox.org/wiki/Changelog"
},
{
"name": "ADV-2009-2845",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2845"
},
{
"name": "36604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36604"
},
{
"name": "58652",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/58652"
},
{
"name": "1022990",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022990"
},
{
"name": "36929",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36929"
},
{
"name": "268188",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
},
{
"name": "virtualbox-vboxnetadpctl-priv-escalation(53671)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.virtualbox.org/wiki/Changelog",
"refsource": "CONFIRM",
"url": "http://www.virtualbox.org/wiki/Changelog"
},
{
"name": "ADV-2009-2845",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2845"
},
{
"name": "36604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36604"
},
{
"name": "58652",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58652"
},
{
"name": "1022990",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022990"
},
{
"name": "36929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36929"
},
{
"name": "268188",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
},
{
"name": "virtualbox-vboxnetadpctl-priv-escalation(53671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3692",
"datePublished": "2009-10-13T10:00:00",
"dateReserved": "2009-10-13T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2715
Vulnerability from cvelistv5
Published
2009-08-07 18:33
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/52211 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/35915 | vdb-entry, x_refsource_BID | |
| http://www.exploit-db.com/exploits/9323 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "virtualbox-sysenter-dos(52211)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52211"
},
{
"name": "35915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35915"
},
{
"name": "9323",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "virtualbox-sysenter-dos(52211)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52211"
},
{
"name": "35915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35915"
},
{
"name": "9323",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9323"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "virtualbox-sysenter-dos(52211)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52211"
},
{
"name": "35915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35915"
},
{
"name": "9323",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9323"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2715",
"datePublished": "2009-08-07T18:33:00",
"dateReserved": "2009-08-07T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2714
Vulnerability from cvelistv5
Published
2009-08-07 18:33
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/35960 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/2173 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/36080 | third-party-advisory, x_refsource_SECUNIA | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-265268-1 | vendor-advisory, x_refsource_SUNALERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16725 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35960",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35960"
},
{
"name": "ADV-2009-2173",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2173"
},
{
"name": "36080",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36080"
},
{
"name": "265268",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265268-1"
},
{
"name": "oval:org.mitre.oval:def:16725",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35960",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35960"
},
{
"name": "ADV-2009-2173",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2173"
},
{
"name": "36080",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36080"
},
{
"name": "265268",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265268-1"
},
{
"name": "oval:org.mitre.oval:def:16725",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16725"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35960"
},
{
"name": "ADV-2009-2173",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2173"
},
{
"name": "36080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36080"
},
{
"name": "265268",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265268-1"
},
{
"name": "oval:org.mitre.oval:def:16725",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16725"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2714",
"datePublished": "2009-08-07T18:33:00",
"dateReserved": "2009-08-07T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3923
Vulnerability from cvelistv5
Published
2009-11-10 00:00
Modified
2024-08-07 06:45
Severity ?
EPSS score ?
Summary
The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54136 | vdb-entry, x_refsource_XF | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1 | vendor-advisory, x_refsource_SUNALERT | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/36917 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vdi-authentication-unauth-access(54136)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54136"
},
{
"name": "268328",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1"
},
{
"name": "36917",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vdi-authentication-unauth-access(54136)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54136"
},
{
"name": "268328",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1"
},
{
"name": "36917",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36917"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vdi-authentication-unauth-access(54136)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54136"
},
{
"name": "268328",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1"
},
{
"name": "36917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36917"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3923",
"datePublished": "2009-11-10T00:00:00",
"dateReserved": "2009-11-09T00:00:00",
"dateUpdated": "2024-08-07T06:45:50.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-200910-0199
Vulnerability from variot
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. Multiple IBM Informix products are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects the following: IBM Informix Client Software Development Kit (CSDK) 3.5 IBM Informix Connect 3.x Other products that use the Setnet32 3.50.0.13752 utility may also be vulnerable. Sun VirtualBox is prone to a local privilege-escalation vulnerability. Successful exploits will completely compromise affected computers. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: IBM Informix Products Setnet32 Utility ".nfx" Processing Buffer Overflow
SECUNIA ADVISORY ID: SA36949
VERIFY ADVISORY: http://secunia.com/advisories/36949/
DESCRIPTION: bruiser has discovered a vulnerability in IBM Informix Client Software Development Kit (CSDK) and IBM Informix Connect, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the processing of ".nfx" files. This can be exploited to cause a stack-based buffer overflow when an ".nfx" file having e.g. an overly long "HostList" entry is opened.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in setnet32.exe version 3.50.0.13752 included in IBM Informix CSDK version 3.50. Other versions may also be affected.
SOLUTION: Do not open untrusted ".nfx" files.
PROVIDED AND/OR DISCOVERED BY: Nine:Situations:Group::bruiser
ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_ibm_setnet32.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
SOLUTION: Update to version 3.0.8.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Thomas Biege of SUSE Linux. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201001-04
http://security.gentoo.org/
Severity: Normal Title: VirtualBox: Multiple vulnerabilities Date: January 13, 2010 Bugs: #288836, #294678 ID: 201001-04
Synopsis
Multiple vulnerabilities in VirtualBox were found, the worst of which allowing for privilege escalation.
Background
The VirtualBox family provides powerful x86 virtualization products. -------------------------------------------------------------------
Description
Thomas Biege of SUSE discovered multiple vulnerabilities:
-
A shell metacharacter injection in popen() (CVE-2009-3692) and a possible buffer overflow in strncpy() in the VBoxNetAdpCtl configuration tool.
-
An unspecified vulnerability in VirtualBox Guest Additions (CVE-2009-3940). A guest OS local user could cause a Denial of Service (memory consumption) on the guest OS via unknown vectors.
Workaround
There is no known workaround at this time.
Resolution
All users of the binary version of VirtualBox should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/virtualbox-bin-3.0.12"
All users of the Open Source version of VirtualBox should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/virtualbox-ose-3.0.12"
All users of the binary VirtualBox Guest Additions should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/virtualbox-guest-additions-3.0.12"
All users of the Open Source VirtualBox Guest Additions should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/virtualbox-ose-additions-3.0.12"
References
[ 1 ] CVE-2009-3692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3692 [ 2 ] CVE-2009-3940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3940
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201001-04.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200910-0199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "virtualbox",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "3.0.6"
},
{
"model": "virtualbox",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "3.0.4"
},
{
"model": "virtualbox",
"scope": "eq",
"trust": 1.9,
"vendor": "sun",
"version": "3.0.2"
},
{
"model": "virtualbox",
"scope": "eq",
"trust": 1.6,
"vendor": "sun",
"version": "3.0.0"
},
{
"model": "virtualbox",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "3.0.8"
},
{
"model": "virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "3.0.x"
},
{
"model": "informix csdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.50"
},
{
"model": "informix connect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "virtualbox",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "3.0.8"
}
],
"sources": [
{
"db": "BID",
"id": "36588"
},
{
"db": "BID",
"id": "36604"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sun:virtualbox",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thomas Biege of SUSE Linux",
"sources": [
{
"db": "BID",
"id": "36604"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
}
],
"trust": 0.9
},
"cve": "CVE-2009-3692",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2009-3692",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-41138",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3692",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-3692",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200910-203",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-41138",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41138"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. Multiple IBM Informix products are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThis issue affects the following:\nIBM Informix Client Software Development Kit (CSDK) 3.5\nIBM Informix Connect 3.x\nOther products that use the Setnet32 3.50.0.13752 utility may also be vulnerable. Sun VirtualBox is prone to a local privilege-escalation vulnerability. Successful exploits will completely compromise affected computers. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nIBM Informix Products Setnet32 Utility \".nfx\" Processing Buffer\nOverflow\n\nSECUNIA ADVISORY ID:\nSA36949\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36949/\n\nDESCRIPTION:\nbruiser has discovered a vulnerability in IBM Informix Client\nSoftware Development Kit (CSDK) and IBM Informix Connect, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to a boundary error in the processing\nof \".nfx\" files. This can be exploited to cause a stack-based buffer\noverflow when an \".nfx\" file having e.g. an overly long \"HostList\"\nentry is opened. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nThe vulnerability is confirmed in setnet32.exe version 3.50.0.13752\nincluded in IBM Informix CSDK version 3.50. Other versions may also\nbe affected. \n\nSOLUTION:\nDo not open untrusted \".nfx\" files. \n\nPROVIDED AND/OR DISCOVERED BY:\nNine:Situations:Group::bruiser\n\nORIGINAL ADVISORY:\nhttp://retrogod.altervista.org/9sg_ibm_setnet32.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nSOLUTION:\nUpdate to version 3.0.8. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Thomas Biege of SUSE Linux. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201001-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: VirtualBox: Multiple vulnerabilities\n Date: January 13, 2010\n Bugs: #288836, #294678\n ID: 201001-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in VirtualBox were found, the worst of which\nallowing for privilege escalation. \n\nBackground\n==========\n\nThe VirtualBox family provides powerful x86 virtualization products. \n -------------------------------------------------------------------\n\nDescription\n===========\n\nThomas Biege of SUSE discovered multiple vulnerabilities:\n\n* A shell metacharacter injection in popen() (CVE-2009-3692) and a\n possible buffer overflow in strncpy() in the VBoxNetAdpCtl\n configuration tool. \n\n* An unspecified vulnerability in VirtualBox Guest Additions\n (CVE-2009-3940). A guest OS local user could cause a Denial\nof Service (memory consumption) on the guest OS via unknown vectors. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll users of the binary version of VirtualBox should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=app-emulation/virtualbox-bin-3.0.12\"\n\nAll users of the Open Source version of VirtualBox should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=app-emulation/virtualbox-ose-3.0.12\"\n\nAll users of the binary VirtualBox Guest Additions should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=app-emulation/virtualbox-guest-additions-3.0.12\"\n\nAll users of the Open Source VirtualBox Guest Additions should upgrade\nto the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n\"\u003e=app-emulation/virtualbox-ose-additions-3.0.12\"\n\nReferences\n==========\n\n [ 1 ] CVE-2009-3692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3692\n [ 2 ] CVE-2009-3940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3940\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201001-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2010 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3692"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"db": "BID",
"id": "36588"
},
{
"db": "BID",
"id": "36604"
},
{
"db": "VULHUB",
"id": "VHN-41138"
},
{
"db": "PACKETSTORM",
"id": "81799"
},
{
"db": "PACKETSTORM",
"id": "81856"
},
{
"db": "PACKETSTORM",
"id": "85077"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-41138",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41138"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3692",
"trust": 2.9
},
{
"db": "BID",
"id": "36604",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "36929",
"trust": 1.2
},
{
"db": "OSVDB",
"id": "58652",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-2845",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1022990",
"trust": 1.1
},
{
"db": "BID",
"id": "36588",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "36949",
"trust": 0.7
},
{
"db": "XF",
"id": "53644",
"trust": 0.6
},
{
"db": "SECTRACK",
"id": "1022985",
"trust": 0.6
},
{
"db": "OSVDB",
"id": "58530",
"trust": 0.6
},
{
"db": "VUPEN",
"id": "ADV-2009-2834",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "85077",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "82055",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-67009",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "9973",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-41138",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81799",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81856",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41138"
},
{
"db": "BID",
"id": "36588"
},
{
"db": "BID",
"id": "36604"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"db": "PACKETSTORM",
"id": "81799"
},
{
"db": "PACKETSTORM",
"id": "81856"
},
{
"db": "PACKETSTORM",
"id": "85077"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"id": "VAR-200910-0199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41138"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:42:34.849000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Sun Alert 268188",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/sun_alert_268188_security_vulnerability"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
},
{
"trust": 1.2,
"url": "http://www.virtualbox.org/wiki/changelog"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/36604"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/58652"
},
{
"trust": 1.1,
"url": "http://securitytracker.com/id?1022990"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/36929"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2009/2845"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3692"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3692"
},
{
"trust": 0.7,
"url": "http://retrogod.altervista.org/9sg_ibm_setnet32.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/53644"
},
{
"trust": 0.6,
"url": "http://www.vupen.com/english/advisories/2009/2834"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/36588"
},
{
"trust": 0.6,
"url": "http://www.osvdb.org/58530"
},
{
"trust": 0.6,
"url": "http://securitytracker.com/id?1022985"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/36949"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/software/data/informix/tools/csdk/"
},
{
"trust": 0.3,
"url": "http://xorl.wordpress.com/2009/10/13/cve-2009-3692-virtualbox-vboxnetadpctl-privilege-escalation/"
},
{
"trust": 0.3,
"url": "http://www.virtualbox.org/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36949/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36929/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3940"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3692"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3940"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201001-04.xml"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41138"
},
{
"db": "BID",
"id": "36588"
},
{
"db": "BID",
"id": "36604"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"db": "PACKETSTORM",
"id": "81799"
},
{
"db": "PACKETSTORM",
"id": "81856"
},
{
"db": "PACKETSTORM",
"id": "85077"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-41138"
},
{
"db": "BID",
"id": "36588"
},
{
"db": "BID",
"id": "36604"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"db": "PACKETSTORM",
"id": "81799"
},
{
"db": "PACKETSTORM",
"id": "81856"
},
{
"db": "PACKETSTORM",
"id": "85077"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-41138"
},
{
"date": "2009-10-01T00:00:00",
"db": "BID",
"id": "36588"
},
{
"date": "2009-10-06T00:00:00",
"db": "BID",
"id": "36604"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"date": "2009-10-05T14:37:52",
"db": "PACKETSTORM",
"id": "81799"
},
{
"date": "2009-10-07T05:27:52",
"db": "PACKETSTORM",
"id": "81856"
},
{
"date": "2010-01-14T02:32:25",
"db": "PACKETSTORM",
"id": "85077"
},
{
"date": "2009-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"date": "2009-10-13T10:30:00.703000",
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-41138"
},
{
"date": "2009-10-15T22:28:00",
"db": "BID",
"id": "36588"
},
{
"date": "2010-01-14T09:11:00",
"db": "BID",
"id": "36604"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-006423"
},
{
"date": "2009-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-203"
},
{
"date": "2024-11-21T01:07:58.290000",
"db": "NVD",
"id": "CVE-2009-3692"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "36604"
},
{
"db": "PACKETSTORM",
"id": "81856"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sun VirtualBox VBoxNetAdpCtl Configuration Tool Local Privilege Escalation Vulnerability",
"sources": [
{
"db": "BID",
"id": "36604"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-203"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2009-11-16 19:30
Modified
2024-11-21 01:08
Severity ?
Summary
Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | virtualbox | * | |
| sun | virtualbox | 2.0.8 | |
| sun | virtualbox | 2.0.10 | |
| sun | virtualbox | 2.2 | |
| sun | virtualbox | 3.0 | |
| sun | virtualbox | 3.0.0 | |
| sun | virtualbox | 3.0.2 | |
| sun | virtualbox | 3.0.4 | |
| sun | virtualbox | 3.0.6 | |
| sun | xvm_virtualbox | * | |
| sun | xvm_virtualbox | 1.6 | |
| sun | xvm_virtualbox | 1.6.0 | |
| sun | xvm_virtualbox | 1.6.2 | |
| sun | xvm_virtualbox | 1.6.4 | |
| sun | xvm_virtualbox | 2.0.0 | |
| sun | xvm_virtualbox | 2.0.2 | |
| sun | xvm_virtualbox | 2.0.4 | |
| sun | xvm_virtualbox | 2.0.6 | |
| sun | xvm_virtualbox | 2.0.8 | |
| sun | xvm_virtualbox | 2.0.10 | |
| sun | xvm_virtualbox | 2.1.0 | |
| sun | xvm_virtualbox | 2.1.2 | |
| sun | xvm_virtualbox | 2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:virtualbox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C5E9DDF-5769-40FE-8E4E-9CBA1661EE02",
"versionEndIncluding": "3.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6456F012-E72B-4622-BFD1-F95FEDA6E446",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0003E19C-EBAA-488F-B3F0-E2CFB283FBDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE04EDC-3616-447B-9BED-4A5EE6A470D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E59E2578-5FCB-4829-A179-7865BB2D8D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB28343-0302-4490-AD8C-C0C5F9B0527B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44193C48-D911-457D-B152-DE36E37AC6E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D151779F-5C0C-449E-BBEE-32830C03B865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C043BB9-6FC5-427E-A7E3-B1D883E918A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:*:2.1:*:*:*:*:*:*",
"matchCriteriaId": "2C14FA60-BC7D-4D12-9DC5-0612BD927262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76EE095C-735F-4E7D-8912-31AAFD547979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7A5D6B-F6F7-470F-8356-D2E1674CA46C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F8A055A1-5783-4AE1-88CD-1FA2C395B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2F0E82DA-18A2-4A46-A04D-F0CBDD4E8CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "004F2896-4A98-4385-982D-D75351ABEEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96D440E-4639-4DF2-BEB1-BAD33A7E80CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6C930392-136A-4C50-966E-D114C3DFB22E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "14D22D83-221C-4E88-BBB2-5FF7FD1DEDA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "594F0AA8-5455-4E1C-9483-4FECFDB378B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49E8FB90-1164-490A-A9DB-16415453C985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5900799-F465-4071-8E84-6126357971D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87877B75-41B5-4CF4-B3D1-D52EAF957675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:xvm_virtualbox:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95639D96-67DE-4225-A0FC-3AAB6800C842",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Guest Additions en Sun xVM VirtualBox v1.6.x y v2.0.x anteriores a v2.0.12, v2.1.x, y v2.2.x, y en Sun VirtualBox versiones anteriores a v3.0.10, permite a usuarios del sistema operativo hu\u00e9sped provocar una denegaci\u00f3n de servicio (consumo de memoria) en el sistema operativo hu\u00e9sped mediante vectores desconocidos."
}
],
"id": "CVE-2009-3940",
"lastModified": "2024-11-21T01:08:33.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-16T19:30:01.030",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38420"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-271149-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-271149-1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-07 19:00
Modified
2024-11-21 01:05
Severity ?
Summary
Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | virtualbox | 2.2 | |
| sun | virtualbox | 3.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:virtualbox:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE04EDC-3616-447B-9BED-4A5EE6A470D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:3.0.2:r49928:*:*:*:*:*:*",
"matchCriteriaId": "FA21C04F-75D1-432C-922D-FE5DD7B3282D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction."
},
{
"lang": "es",
"value": "Sun VirtualBox v2.2 hasta v3.0.2 r49928 permite a los usuarios del SO (sistema operativo) hu\u00e9sped causar una denegaci\u00f3n de servicio (reinicio del SO Linux anfitri\u00f3n) a trav\u00e9s de una instrucci\u00f3n sysenter."
}
],
"id": "CVE-2009-2715",
"lastModified": "2024-11-21T01:05:34.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-07T19:00:01.203",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/9323"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35915"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/9323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52211"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-13 10:30
Modified
2024-11-21 01:07
Severity ?
Summary
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | virtualbox | 3.0.0 | |
| sun | virtualbox | 3.0.2 | |
| sun | virtualbox | 3.0.4 | |
| sun | virtualbox | 3.0.6 | |
| apple | mac_os_x | * | |
| linux | linux_kernel | - | |
| sun | opensolaris | * | |
| sun | solaris | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:virtualbox:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB28343-0302-4490-AD8C-C0C5F9B0527B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44193C48-D911-457D-B152-DE36E37AC6E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D151779F-5C0C-449E-BBEE-32830C03B865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C043BB9-6FC5-427E-A7E3-B1D883E918A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:opensolaris:*:*:x86:*:*:*:*:*",
"matchCriteriaId": "F8222C41-435E-4017-A8C7-D7AB624A6D05",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:*:*:x86:*:*:*:*:*",
"matchCriteriaId": "FEEC0C5A-4A6E-403C-B929-D1EC8B0FE2A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la herramienta de configuraci\u00f3n VBoxNetAdpCtl en Sun VirtualBox v3.0.x anterior v3.0.8 en Solaris x86, Linux, y Mac OS X permite a usuarios locales obtener privilegios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2009-3692",
"lastModified": "2024-11-21T01:07:58.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-13T10:30:00.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36929"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1022990"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/58652"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36604"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.virtualbox.org/wiki/Changelog"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2845"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1022990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/58652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.virtualbox.org/wiki/Changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-07 19:00
Modified
2024-11-21 01:05
Severity ?
Summary
Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | virtualbox | 3.0.0 | |
| sun | virtualbox | 3.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:virtualbox:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB28343-0302-4490-AD8C-C0C5F9B0527B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44193C48-D911-457D-B152-DE36E37AC6E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Sun VirtualBox v3.0.0 y v3.0.2 permite a los usuarios del SO (sistema operativo) hu\u00e9sped provocar una denegaci\u00f3n de servicio (reinicio del SO anfitri\u00f3n) a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2009-2714",
"lastModified": "2024-11-21T01:05:34.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-07T19:00:01.170",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36080"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265268-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35960"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/2173"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265268-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/2173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16725"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-10 00:30
Modified
2024-11-21 01:08
Severity ?
Summary
The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | virtual_desktop_infrastructure | 3.0 | |
| sun | virtualbox | 2.0.8 | |
| sun | virtualbox | 2.0.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:virtual_desktop_infrastructure:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13508CBB-9253-40A6-9CC9-5CD5535A35DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6456F012-E72B-4622-BFD1-F95FEDA6E446",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:virtualbox:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0003E19C-EBAA-488F-B3F0-E2CFB283FBDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server."
},
{
"lang": "es",
"value": "El servicio Web de VirtualBox v2.0.8 y v2.0.10 en Sun Virtual Desktop Infrastructure (VDI) v3.0 no requiere autenticaci\u00f3n, lo que permite a atacantes remotos conseguir acceso no especificado a trav\u00e9s de vectores que implican peticiones al servidor Apache HTTP Server."
}
],
"id": "CVE-2009-3923",
"lastModified": "2024-11-21T01:08:31.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-10T00:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36917"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54136"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}