CVE-2008-3431

Опубликовано: 05 авг. 2008

Источник: ubuntu

Приоритет: low

EPSS Низкий

CVSS2: 7.2

CVSS3: 8.8

Описание

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.

Релиз	Статус	Примечание
dapper	DNE
devel	not-affected	Windows only
feisty	DNE
gutsy	not-affected	Windows only
hardy	not-affected	Windows only
upstream	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 90%

0.05378

Низкий

7.2 High

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVE-2008-3431

CVSS3: 8.8

nvd

больше 17 лет назад

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.

CVE-2008-3431

CVSS3: 8.8

debian

больше 17 лет назад

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualB ...

GHSA-pxp3-358m-6vfm

CVSS3: 8.8

github

почти 4 года назад

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.

EPSS

Процентиль: 90%

0.05378

Низкий

7.2 High

CVSS2

8.8 High

CVSS3

CVE-2008-3431

Описание

Пакет virtualbox-ose

Ссылки на источники

Связанные уязвимости