DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dosbox | Dosbox | * | 0.72 (including) |
| Dosbox | Ubuntu | dapper | * |
| Dosbox | Ubuntu | devel | * |
| Dosbox | Ubuntu | edgy | * |
| Dosbox | Ubuntu | feisty | * |
| Dosbox | Ubuntu | gutsy | * |
| Dosbox | Ubuntu | hardy | * |
| Dosbox | Ubuntu | intrepid | * |
| Dosbox | Ubuntu | jaunty | * |
| Dosbox | Ubuntu | karmic | * |
References
- http://aluigi.org/poc/dosboxxx.zip
- http://osvdb.org/44766
- http://securityreason.com/securityalert/3442
- http://www.securityfocus.com/archive/1/484835/100/0/threaded
- http://www.securityfocus.com/bid/26802
- http://www.vupen.com/english/advisories/2007/4170
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38970
- http://aluigi.org/poc/dosboxxx.zip
- http://osvdb.org/44766
- http://securityreason.com/securityalert/3442
- http://www.securityfocus.com/archive/1/484835/100/0/threaded
- http://www.securityfocus.com/bid/26802
- http://www.vupen.com/english/advisories/2007/4170
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38970