The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Virtualox | Virtualox | * | 2.0.4 (including) |
| Virtualox | Virtualox | 1.3.2 (including) | 1.3.2 (including) |
| Virtualox | Virtualox | 1.3.4 (including) | 1.3.4 (including) |
| Virtualox | Virtualox | 1.3.6 (including) | 1.3.6 (including) |
| Virtualox | Virtualox | 1.3.8 (including) | 1.3.8 (including) |
| Virtualox | Virtualox | 1.4.0 (including) | 1.4.0 (including) |
| Virtualox | Virtualox | 1.5.0 (including) | 1.5.0 (including) |
| Virtualox | Virtualox | 1.5.2 (including) | 1.5.2 (including) |
| Virtualox | Virtualox | 1.5.4 (including) | 1.5.4 (including) |
| Virtualox | Virtualox | 1.5.6 (including) | 1.5.6 (including) |
| Virtualox | Virtualox | 1.6.0 (including) | 1.6.0 (including) |
| Virtualox | Virtualox | 1.6.2 (including) | 1.6.2 (including) |
| Virtualox | Virtualox | 1.6.4 (including) | 1.6.4 (including) |
| Virtualox | Virtualox | 1.6.6 (including) | 1.6.6 (including) |
| Virtualox | Virtualox | 2.0.0 (including) | 2.0.0 (including) |
| Virtualox | Virtualox | 2.0.2 (including) | 2.0.2 (including) |