Oracle VirtualBox Unspecified Privilege Escalation

by Carol~ Moderator - 1/16/13 11:51 AM

In Reply to: VULNERABILITIES / FIXES - January 16, 2013 by Carol~ Moderator

Oracle VirtualBox Unspecified Privilege Escalation Vulnerability

Release Date: 2013-01-16

Criticality level: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

Software: Oracle VirtualBox 4.x

Description:
A vulnerability has been reported in Oracle VirtualBox, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The vulnerability is caused by an unspecified error within the core component and can be exploited to cause a hang and manipulate certain VirtualBox accessible data.

The vulnerability is reported in versions 4.0, 4.1, and 4.2.

Solution:
Apply patch (please see the vendor's advisory for details).

Provided and/or discovered by:
It is currently unclear who reported this vulnerability as the Oracle Critical Patch Update for January 2013 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.

Original Advisory:
Oracle:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixOVIR

http://secunia.com/advisories/51893/