Unrated severityNVD Advisory· Published Nov 27, 2008· Updated Apr 23, 2026
CVE-2008-5256
CVE-2008-5256
Description
The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.
Affected products
16cpe:2.3:a:virtualox:virtualox:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:virtualox:virtualox:*:*:*:*:*:*:*:*range: <=2.0.4
- cpe:2.3:a:virtualox:virtualox:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:virtualox:virtualox:2.0.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- www.securityfocus.com/bid/32444nvdPatch
- www.virtualbox.org/wiki/ChangelognvdPatch
- secunia.com/advisories/32851nvdVendor Advisory
- bugs.debian.org/cgi-bin/bugreport.cginvd
- lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlnvd
- sunsolve.sun.com/search/document.donvd
- www.mandriva.com/security/advisoriesnvd
- www.securitytracker.com/idnvd
- www.virtualbox.org/changesetnvd
- www.vupen.com/english/advisories/2008/3410nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/46826nvd
News mentions
0No linked articles in our index yet.