CVE-2021-2264 - log

CVE-2021-2264 edited at 26 Apr 2021 14:46:13
Type
- Arbitrary filesystem access
+ Privilege escalation
Description
- Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.
+ A security issue has been found in Oracle VM VirtualBox prior to version 6.1.20. The issue is in the script "vboxautostart-service.sh" which is distributed by Oracle as part of their virtualbox RPMs. By default this script is not used but it can be enabled by an administrator.
+
+ In the context of the autostart feature a directory "$VBOXAUTOSTART_DB" (by default /etc/vbox) is used. Local users in the system are granted write access to this directory. Users are supposed to create files of the form "<username>.start" to configure autostarting of their respective virtualbox VMs. By creating a file with a crafted name, such as "$VBOXAUTOSTART_DB/--evil.start", users are able to pass arbitrary command line flags to the "su" utility invoked by "vboxautostart-service.sh". While this does not lead to a full local root exploit due to the fact that filenames cannot contain '/' characters and that the attacker cannot influence the command that is run, it could be a successful attack vector when combined with other security issues.
+
+ Beyond this any member of the vboxusers group can influence the autostart settings of other users, as long as the victim user is allowed to autostart via /etc/vbox/autostart.cfg.
References
+ https://www.openwall.com/lists/oss-security/2021/04/26/1
https://www.oracle.com/security-alerts/cpuapr2021verbose.html#OVIR
Notes
+ Arch Linux does not package "vboxautostart-service.sh" and is therefore not affected by this issue.
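As an added example (not VirtualBox's own vboxautostart-service.sh, which this page does not show), the POSIX shell routines below harden the "<username>.start" file handling described above: a user name is derived only from file names that pass a strict allow-list, so a crafted name such as "--evil.start" is skipped instead of reaching su as an option, and each file must be owned by the user it names, which addresses the cross-user influence noted for vboxusers members. The function names and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example, not code from VirtualBox. Hardened handling of the
# "<username>.start" files in an autostart directory such as /etc/vbox.

# Print the user name encoded in a "<username>.start" file name, or print
# nothing and return 1 if the name is not acceptable.
autostart_user_from_file() {
    f=$(basename -- "$1")
    case "$f" in
        *.start) ;;
        *) return 1 ;;
    esac
    u=${f%.start}
    # Reject empty names and anything beginning with '-', which su would
    # otherwise parse as an option.
    case "$u" in
        ''|-*) return 1 ;;
    esac
    # Allow only portable user-name characters.
    case "$u" in
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$u"
}

# Return 0 if file $1 is owned by user $2 (POSIX find -user); an unknown
# user name makes find fail, which counts as "not owned".
autostart_file_owned_by() {
    [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]
}

# Print, one per line, the users whose .start files in directory $1 pass
# both the name check and the ownership check. A caller would hand only
# these names to su; everything else is ignored.
scan_autostart_db() {
    for f in "$1"/*.start; do
        [ -e "$f" ] || continue
        u=$(autostart_user_from_file "$f") || continue
        autostart_file_owned_by "$f" "$u" || continue
        printf '%s\n' "$u"
    done
}
```

Where the su implementation supports it, passing a "--" end-of-options argument before the user name adds a second, independent layer against option injection.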
CVE-2021-2264 edited at 21 Apr 2021 09:19:35
Type
- Arbitrary code execution
+ Arbitrary filesystem access
CVE-2021-2264 edited at 21 Apr 2021 09:15:36
Severity
- Unknown
+ High
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.
References
+ https://www.oracle.com/security-alerts/cpuapr2021verbose.html#OVIR
Notes
CVE-2021-2264 created at 21 Apr 2021 09:12:56