CVE-2009-3692 (GCVE-0-2009-3692)

Vulnerability from cvelistv5 – Published: 2009-10-13 10:00 – Updated: 2024-08-07 06:38

Summary

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.virtualbox.org/wiki/Changelog	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/2845	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/36604	vdb-entryx_refsource_BID
	http://www.osvdb.org/58652	vdb-entryx_refsource_OSVDB
	http://securitytracker.com/id?1022990	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/36929	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.virtualbox.org/wiki/Changelog"
          },
          {
            "name": "ADV-2009-2845",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2845"
          },
          {
            "name": "36604",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36604"
          },
          {
            "name": "58652",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/58652"
          },
          {
            "name": "1022990",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022990"
          },
          {
            "name": "36929",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36929"
          },
          {
            "name": "268188",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
          },
          {
            "name": "virtualbox-vboxnetadpctl-priv-escalation(53671)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.virtualbox.org/wiki/Changelog"
        },
        {
          "name": "ADV-2009-2845",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2845"
        },
        {
          "name": "36604",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36604"
        },
        {
          "name": "58652",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/58652"
        },
        {
          "name": "1022990",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022990"
        },
        {
          "name": "36929",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36929"
        },
        {
          "name": "268188",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
        },
        {
          "name": "virtualbox-vboxnetadpctl-priv-escalation(53671)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3692",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.virtualbox.org/wiki/Changelog",
              "refsource": "CONFIRM",
              "url": "http://www.virtualbox.org/wiki/Changelog"
            },
            {
              "name": "ADV-2009-2845",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2845"
            },
            {
              "name": "36604",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36604"
            },
            {
              "name": "58652",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/58652"
            },
            {
              "name": "1022990",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022990"
            },
            {
              "name": "36929",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36929"
            },
            {
              "name": "268188",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
            },
            {
              "name": "virtualbox-vboxnetadpctl-priv-escalation(53671)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3692",
    "datePublished": "2009-10-13T10:00:00",
    "dateReserved": "2009-10-13T00:00:00",
    "dateUpdated": "2024-08-07T06:38:30.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:virtualbox:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEB28343-0302-4490-AD8C-C0C5F9B0527B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:virtualbox:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44193C48-D911-457D-B152-DE36E37AC6E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:virtualbox:3.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D151779F-5C0C-449E-BBEE-32830C03B865\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:virtualbox:3.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C043BB9-6FC5-427E-A7E3-B1D883E918A4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:sun:opensolaris:*:*:x86:*:*:*:*:*\", \"matchCriteriaId\": \"F8222C41-435E-4017-A8C7-D7AB624A6D05\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:sun:solaris:*:*:x86:*:*:*:*:*\", \"matchCriteriaId\": \"FEEC0C5A-4A6E-403C-B929-D1EC8B0FE2A8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en la herramienta de configuraci\\u00f3n VBoxNetAdpCtl en Sun VirtualBox v3.0.x anterior v3.0.8 en Solaris x86, Linux, y Mac OS X permite a usuarios locales obtener privilegios a trav\\u00e9s de vectores desconocidos.\"}]",
      "id": "CVE-2009-3692",
      "lastModified": "2024-11-21T01:07:58.290",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": true, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-10-13T10:30:00.703",
      "references": "[{\"url\": \"http://secunia.com/advisories/36929\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://securitytracker.com/id?1022990\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/58652\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/36604\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.virtualbox.org/wiki/Changelog\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2845\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/53671\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://secunia.com/advisories/36929\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://securitytracker.com/id?1022990\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/58652\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/36604\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.virtualbox.org/wiki/Changelog\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2845\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/53671\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-3692\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-10-13T10:30:00.703\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en la herramienta de configuraci\u00f3n VBoxNetAdpCtl en Sun VirtualBox v3.0.x anterior v3.0.8 en Solaris x86, Linux, y Mac OS X permite a usuarios locales obtener privilegios a trav\u00e9s de vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:virtualbox:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEB28343-0302-4490-AD8C-C0C5F9B0527B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:virtualbox:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44193C48-D911-457D-B152-DE36E37AC6E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:virtualbox:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D151779F-5C0C-449E-BBEE-32830C03B865\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:virtualbox:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C043BB9-6FC5-427E-A7E3-B1D883E918A4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:sun:opensolaris:*:*:x86:*:*:*:*:*\",\"matchCriteriaId\":\"F8222C41-435E-4017-A8C7-D7AB624A6D05\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:sun:solaris:*:*:x86:*:*:*:*:*\",\"matchCriteriaId\":\"FEEC0C5A-4A6E-403C-B929-D1EC8B0FE2A8\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/36929\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securitytracker.com/id?1022990\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/58652\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/36604\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.virtualbox.org/wiki/Changelog\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2845\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/53671\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secunia.com/advisories/36929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securitytracker.com/id?1022990\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/58652\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/36604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.virtualbox.org/wiki/Changelog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2845\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/53671\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

FKIE_CVE-2009-3692

Vulnerability from fkie_nvd - Published: 2009-10-13 10:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/36929	Broken Link
cve@mitre.org	http://securitytracker.com/id?1022990	Third Party Advisory, VDB Entry
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/58652	Broken Link
cve@mitre.org	http://www.securityfocus.com/bid/36604	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.virtualbox.org/wiki/Changelog	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2845	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/53671	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36929	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022990	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/58652	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36604	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.virtualbox.org/wiki/Changelog	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2845	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/53671	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
sun	virtualbox	3.0.0
sun	virtualbox	3.0.2
sun	virtualbox	3.0.4
sun	virtualbox	3.0.6
apple	mac_os_x	*
linux	linux_kernel	-
sun	opensolaris	*
sun	solaris	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:virtualbox:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB28343-0302-4490-AD8C-C0C5F9B0527B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:virtualbox:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44193C48-D911-457D-B152-DE36E37AC6E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:virtualbox:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D151779F-5C0C-449E-BBEE-32830C03B865",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:virtualbox:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C043BB9-6FC5-427E-A7E3-B1D883E918A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:sun:opensolaris:*:*:x86:*:*:*:*:*",
              "matchCriteriaId": "F8222C41-435E-4017-A8C7-D7AB624A6D05",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:*:*:x86:*:*:*:*:*",
              "matchCriteriaId": "FEEC0C5A-4A6E-403C-B929-D1EC8B0FE2A8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en la herramienta de configuraci\u00f3n VBoxNetAdpCtl en Sun VirtualBox v3.0.x anterior v3.0.8 en Solaris x86, Linux, y Mac OS X permite a usuarios locales obtener privilegios a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2009-3692",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-10-13T10:30:00.703",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/36929"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1022990"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/58652"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/36604"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.virtualbox.org/wiki/Changelog"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2845"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/36929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1022990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/58652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/36604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.virtualbox.org/wiki/Changelog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2845"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200910-0199

Vulnerability from variot - Updated: 2024-05-18 22:00

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. Multiple IBM Informix products are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects the following: IBM Informix Client Software Development Kit (CSDK) 3.5 IBM Informix Connect 3.x Other products that use the Setnet32 3.50.0.13752 utility may also be vulnerable. Sun VirtualBox is prone to a local privilege-escalation vulnerability. Successful exploits will completely compromise affected computers. ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: IBM Informix Products Setnet32 Utility ".nfx" Processing Buffer Overflow

SECUNIA ADVISORY ID: SA36949

VERIFY ADVISORY: http://secunia.com/advisories/36949/

DESCRIPTION: bruiser has discovered a vulnerability in IBM Informix Client Software Development Kit (CSDK) and IBM Informix Connect, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the processing of ".nfx" files. This can be exploited to cause a stack-based buffer overflow when an ".nfx" file having e.g. an overly long "HostList" entry is opened.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in setnet32.exe version 3.50.0.13752 included in IBM Informix CSDK version 3.50. Other versions may also be affected.

SOLUTION: Do not open untrusted ".nfx" files.

PROVIDED AND/OR DISCOVERED BY: Nine:Situations:Group::bruiser

ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_ibm_setnet32.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

SOLUTION: Update to version 3.0.8.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Thomas Biege of SUSE Linux. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201001-04

                                        http://security.gentoo.org/

Severity: Normal Title: VirtualBox: Multiple vulnerabilities Date: January 13, 2010 Bugs: #288836, #294678 ID: 201001-04

Synopsis

Multiple vulnerabilities in VirtualBox were found, the worst of which allowing for privilege escalation.

Background

The VirtualBox family provides powerful x86 virtualization products. -------------------------------------------------------------------

Description

Thomas Biege of SUSE discovered multiple vulnerabilities:

A shell metacharacter injection in popen() (CVE-2009-3692) and a possible buffer overflow in strncpy() in the VBoxNetAdpCtl configuration tool.
An unspecified vulnerability in VirtualBox Guest Additions (CVE-2009-3940). A guest OS local user could cause a Denial of Service (memory consumption) on the guest OS via unknown vectors.

Workaround

There is no known workaround at this time.

Resolution

All users of the binary version of VirtualBox should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose

">=app-emulation/virtualbox-bin-3.0.12"

All users of the Open Source version of VirtualBox should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose

">=app-emulation/virtualbox-ose-3.0.12"

All users of the binary VirtualBox Guest Additions should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose

">=app-emulation/virtualbox-guest-additions-3.0.12"

All users of the Open Source VirtualBox Guest Additions should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose

">=app-emulation/virtualbox-ose-additions-3.0.12"

References

[ 1 ] CVE-2009-3692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3692 [ 2 ] CVE-2009-3940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3940

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201001-04.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200910-0199",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "virtualbox",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sun",
        "version": "3.0.6"
      },
      {
        "model": "virtualbox",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sun",
        "version": "3.0.4"
      },
      {
        "model": "virtualbox",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sun",
        "version": "3.0.2"
      },
      {
        "model": "virtualbox",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sun",
        "version": "3.0.0"
      },
      {
        "model": "virtualbox",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "3.0.8"
      },
      {
        "model": "virtualbox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "3.0.x"
      },
      {
        "model": "informix csdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.50"
      },
      {
        "model": "informix connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "virtualbox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": "3.0.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "36588"
      },
      {
        "db": "BID",
        "id": "36604"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-203"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3692"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:sun:virtualbox:3.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sun:virtualbox:3.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sun:virtualbox:3.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sun:virtualbox:3.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:sun:opensolaris:*:*:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:sun:solaris:*:*:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3692"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Thomas Biege of SUSE Linux",
    "sources": [
      {
        "db": "BID",
        "id": "36604"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-203"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2009-3692",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2009-3692",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-41138",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-3692",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200910-203",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-41138",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41138"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006423"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-203"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3692"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. Multiple IBM Informix products are prone to a buffer-overflow  vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThis issue affects the following:\nIBM Informix Client Software Development Kit (CSDK) 3.5\nIBM Informix Connect 3.x\nOther products that use the Setnet32 3.50.0.13752 utility may also be vulnerable. Sun VirtualBox is prone to a local privilege-escalation vulnerability. Successful exploits will completely compromise affected computers. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nIBM Informix Products Setnet32 Utility \".nfx\" Processing Buffer\nOverflow\n\nSECUNIA ADVISORY ID:\nSA36949\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36949/\n\nDESCRIPTION:\nbruiser has discovered a vulnerability in IBM Informix Client\nSoftware Development Kit (CSDK) and IBM Informix Connect, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to a boundary error in the processing\nof \".nfx\" files. This can be exploited to cause a stack-based buffer\noverflow when an \".nfx\" file having e.g. an overly long \"HostList\"\nentry is opened. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nThe vulnerability is confirmed in setnet32.exe version 3.50.0.13752\nincluded in IBM Informix CSDK version 3.50. Other versions may also\nbe affected. \n\nSOLUTION:\nDo not open untrusted \".nfx\" files. \n\nPROVIDED AND/OR DISCOVERED BY:\nNine:Situations:Group::bruiser\n\nORIGINAL ADVISORY:\nhttp://retrogod.altervista.org/9sg_ibm_setnet32.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nSOLUTION:\nUpdate to version 3.0.8. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Thomas Biege of SUSE Linux. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201001-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Normal\n     Title: VirtualBox: Multiple vulnerabilities\n      Date: January 13, 2010\n      Bugs: #288836, #294678\n        ID: 201001-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in VirtualBox were found, the worst of which\nallowing for privilege escalation. \n\nBackground\n==========\n\nThe VirtualBox family provides powerful x86 virtualization products. \n    -------------------------------------------------------------------\n\nDescription\n===========\n\nThomas Biege of SUSE discovered multiple vulnerabilities:\n\n* A shell metacharacter injection in popen() (CVE-2009-3692) and a\n  possible buffer overflow in strncpy() in the VBoxNetAdpCtl\n  configuration tool. \n\n* An unspecified vulnerability in VirtualBox Guest Additions\n  (CVE-2009-3940). A guest OS local user could cause a Denial\nof Service (memory consumption) on the guest OS via unknown vectors. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll users of the binary version of VirtualBox should upgrade to the\nlatest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose\n\"\u003e=app-emulation/virtualbox-bin-3.0.12\"\n\nAll users of the Open Source version of VirtualBox should upgrade to\nthe latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose\n\"\u003e=app-emulation/virtualbox-ose-3.0.12\"\n\nAll users of the binary VirtualBox Guest Additions should upgrade to\nthe latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose\n\"\u003e=app-emulation/virtualbox-guest-additions-3.0.12\"\n\nAll users of the Open Source VirtualBox Guest Additions should upgrade\nto the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose\n\"\u003e=app-emulation/virtualbox-ose-additions-3.0.12\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2009-3692\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3692\n  [ 2 ] CVE-2009-3940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3940\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-201001-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2010 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3692"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006423"
      },
      {
        "db": "BID",
        "id": "36588"
      },
      {
        "db": "BID",
        "id": "36604"
      },
      {
        "db": "VULHUB",
        "id": "VHN-41138"
      },
      {
        "db": "PACKETSTORM",
        "id": "81799"
      },
      {
        "db": "PACKETSTORM",
        "id": "81856"
      },
      {
        "db": "PACKETSTORM",
        "id": "85077"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-41138",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41138"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-3692",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "36604",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "36929",
        "trust": 1.2
      },
      {
        "db": "OSVDB",
        "id": "58652",
        "trust": 1.1
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-2845",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1022990",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "36588",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006423",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-203",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "36949",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "53644",
        "trust": 0.6
      },
      {
        "db": "SECTRACK",
        "id": "1022985",
        "trust": 0.6
      },
      {
        "db": "OSVDB",
        "id": "58530",
        "trust": 0.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-2834",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "85077",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "82055",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-67009",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "9973",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-41138",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81799",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81856",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41138"
      },
      {
        "db": "BID",
        "id": "36588"
      },
      {
        "db": "BID",
        "id": "36604"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006423"
      },
      {
        "db": "PACKETSTORM",
        "id": "81799"
      },
      {
        "db": "PACKETSTORM",
        "id": "81856"
      },
      {
        "db": "PACKETSTORM",
        "id": "85077"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-203"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3692"
      }
    ]
  },
  "id": "VAR-200910-0199",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41138"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-05-18T22:00:12.024000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Sun Alert 268188",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/sun_alert_268188_security_vulnerability"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006423"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3692"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
      },
      {
        "trust": 1.2,
        "url": "http://www.virtualbox.org/wiki/changelog"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/36604"
      },
      {
        "trust": 1.1,
        "url": "http://www.osvdb.org/58652"
      },
      {
        "trust": 1.1,
        "url": "http://securitytracker.com/id?1022990"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/36929"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2009/2845"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3692"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3692"
      },
      {
        "trust": 0.7,
        "url": "http://retrogod.altervista.org/9sg_ibm_setnet32.html"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/53644"
      },
      {
        "trust": 0.6,
        "url": "http://www.vupen.com/english/advisories/2009/2834"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/36588"
      },
      {
        "trust": 0.6,
        "url": "http://www.osvdb.org/58530"
      },
      {
        "trust": 0.6,
        "url": "http://securitytracker.com/id?1022985"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/36949"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/software/data/informix/tools/csdk/"
      },
      {
        "trust": 0.3,
        "url": "http://xorl.wordpress.com/2009/10/13/cve-2009-3692-virtualbox-vboxnetadpctl-privilege-escalation/"
      },
      {
        "trust": 0.3,
        "url": "http://www.virtualbox.org/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/36949/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/36929/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3940"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3692"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3940"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201001-04.xml"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-41138"
      },
      {
        "db": "BID",
        "id": "36588"
      },
      {
        "db": "BID",
        "id": "36604"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006423"
      },
      {
        "db": "PACKETSTORM",
        "id": "81799"
      },
      {
        "db": "PACKETSTORM",
        "id": "81856"
      },
      {
        "db": "PACKETSTORM",
        "id": "85077"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-203"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3692"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-41138"
      },
      {
        "db": "BID",
        "id": "36588"
      },
      {
        "db": "BID",
        "id": "36604"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006423"
      },
      {
        "db": "PACKETSTORM",
        "id": "81799"
      },
      {
        "db": "PACKETSTORM",
        "id": "81856"
      },
      {
        "db": "PACKETSTORM",
        "id": "85077"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-203"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3692"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-10-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-41138"
      },
      {
        "date": "2009-10-01T00:00:00",
        "db": "BID",
        "id": "36588"
      },
      {
        "date": "2009-10-06T00:00:00",
        "db": "BID",
        "id": "36604"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-006423"
      },
      {
        "date": "2009-10-05T14:37:52",
        "db": "PACKETSTORM",
        "id": "81799"
      },
      {
        "date": "2009-10-07T05:27:52",
        "db": "PACKETSTORM",
        "id": "81856"
      },
      {
        "date": "2010-01-14T02:32:25",
        "db": "PACKETSTORM",
        "id": "85077"
      },
      {
        "date": "2009-10-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200910-203"
      },
      {
        "date": "2009-10-13T10:30:00.703000",
        "db": "NVD",
        "id": "CVE-2009-3692"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-41138"
      },
      {
        "date": "2009-10-15T22:28:00",
        "db": "BID",
        "id": "36588"
      },
      {
        "date": "2010-01-14T09:11:00",
        "db": "BID",
        "id": "36604"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-006423"
      },
      {
        "date": "2009-10-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200910-203"
      },
      {
        "date": "2024-05-17T17:26:40.527000",
        "db": "NVD",
        "id": "CVE-2009-3692"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "36604"
      },
      {
        "db": "PACKETSTORM",
        "id": "81856"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-203"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sun VirtualBox VBoxNetAdpCtl Configuration Tool Local Privilege Escalation Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "36604"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-203"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200910-203"
      }
    ],
    "trust": 0.6
  }
}

GSD-2009-3692

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.

Aliases

CVE-2009-3692

Aliases

CVE-2009-3692

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3692",
    "description": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.",
    "id": "GSD-2009-3692",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-3692.html",
      "https://packetstormsecurity.com/files/cve/CVE-2009-3692"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3692"
      ],
      "details": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.",
      "id": "GSD-2009-3692",
      "modified": "2023-12-13T01:19:50.074347Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-3692",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.virtualbox.org/wiki/Changelog",
            "refsource": "CONFIRM",
            "url": "http://www.virtualbox.org/wiki/Changelog"
          },
          {
            "name": "ADV-2009-2845",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2845"
          },
          {
            "name": "36604",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36604"
          },
          {
            "name": "58652",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/58652"
          },
          {
            "name": "1022990",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1022990"
          },
          {
            "name": "36929",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36929"
          },
          {
            "name": "268188",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
          },
          {
            "name": "virtualbox-vboxnetadpctl-priv-escalation(53671)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:sun:virtualbox:3.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sun:virtualbox:3.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sun:virtualbox:3.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sun:virtualbox:3.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:sun:solaris:*:*:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:sun:opensolaris:*:*:x86:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3692"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "58652",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/58652"
            },
            {
              "name": "268188",
              "refsource": "SUNALERT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
            },
            {
              "name": "http://www.virtualbox.org/wiki/Changelog",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.virtualbox.org/wiki/Changelog"
            },
            {
              "name": "36929",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36929"
            },
            {
              "name": "1022990",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1022990"
            },
            {
              "name": "ADV-2009-2845",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2845"
            },
            {
              "name": "36604",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36604"
            },
            {
              "name": "virtualbox-vboxnetadpctl-priv-escalation(53671)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:31Z",
      "publishedDate": "2009-10-13T10:30Z"
    }
  }
}

GHSA-265G-226Q-C27C

Vulnerability from github – Published: 2022-05-02 03:47 – Updated: 2022-05-02 03:47

Details

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3692"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-10-13T10:30:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.",
  "id": "GHSA-265g-226q-c27c",
  "modified": "2022-05-02T03:47:42Z",
  "published": "2022-05-02T03:47:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3692"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36929"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1022990"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/58652"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36604"
    },
    {
      "type": "WEB",
      "url": "http://www.virtualbox.org/wiki/Changelog"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2845"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3692 (GCVE-0-2009-3692)

FKIE_CVE-2009-3692

VAR-200910-0199

Synopsis

Background

Description

Workaround

Resolution

References

Availability

Concerns?

License

GSD-2009-3692

GHSA-265G-226Q-C27C

Tags

Sightings

Nomenclature