Sun xVM VirtualBox 'VBoxDrv.sys' Local Privilege Escalation Vulnerability

Bugtraq ID:	30481
Class:	Input Validation Error
CVE:	CVE-2008-3431
Remote:	No
Local:	Yes
Published:	Aug 04 2008 12:00AM
Updated:	Aug 26 2008 11:24PM
Credit:	Anibal Sacco, from CORE IMPACT's Exploit Writing Team (EWT)
Vulnerable:	Sun xVM VirtualBox 1.6.2 Sun xVM VirtualBox 1.6
Not Vulnerable:	Sun xVM VirtualBox 1.6.4

Sun xVM VirtualBox 'VBoxDrv.sys' Local Privilege Escalation Vulnerability

Sun xVM VirtualBox is prone to a local privilege-escalation vulnerability that occurs in the 'VBoxDrv.sys' driver.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

Sun xVM VirtualBox 1.6.0 and 1.6.2 running on Windows are vulnerable; other versions may also be affected.

Sun xVM VirtualBox 'VBoxDrv.sys' Local Privilege Escalation Vulnerability

The following proof of concept is available:

• /data/vulnerabilities/exploits/30481.c

Sun xVM VirtualBox 'VBoxDrv.sys' Local Privilege Escalation Vulnerability

Solution:
The vendor has released updates. Please see the references for more information.

Sun xVM VirtualBox 'VBoxDrv.sys' Local Privilege Escalation Vulnerability

References:

• xVM Virtual Box Homepage (Sun Microsystems)
  
• CORE-2008-0716 - Sun xVM VirtualBox Privilege Escalation Vulnerability (CORE Security Technologies Advisories )
  
• Sun Alert ID: 240095 (Sun Microsystems)