A security vulnerability in the VBoxNetAdpCtl configuration tool for certain Sun VirtualBox 3.0 packages may allow local unprivileged users who are authorized to run VirtualBox to execute arbitrary commands with root privileges.
There are no predictable symptoms to indicate this issue has been exploited to gain elevated privileges.
This issue is addressed in the following release: Sun VirtualBox 3.0.8 (for all platforms)
Reproducible: Didn't try
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in
Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X
allows local users to gain privileges via unknown vectors.
What about the OSE edition?
>>> Install virtualbox-ose-3.0.8 into /var/tmp/portage/app-emulation/virtualbox-ose-3.0.8/image/ category app-emulation
install: cannot stat `vboxwebsrv': No such file or directory
!!! doins: vboxwebsrv does not exist
(In reply to comment #2)
> What about the OSE edition?
OSE is also affected.
Opened up bug 289307 for OSE.
(In reply to comment #4)
> >>> Install virtualbox-ose-3.0.8 into /var/tmp/portage/app-emulation/virtualbox-ose-3.0.8/image/ category app-emulation
> install: cannot stat `vboxwebsrv': No such file or directory
> !!! doins: vboxwebsrv does not exist
> USE=vboxwebsrv fails.
hi, which version of net-libs/gsoap are you using?
the compilation of vboxwebsrv is often afflicted by problems on gsoap,
vboxwebsrv compiles here with net-libs/gsoap-2.7.13 (still masked)
i just updated the virtualbox-ose ebuild (3.0.8-r1) on jokey's overlay,
it includes fix for this and other minor issues (details on ChangeLog)
*** Bug 289307 has been marked as a duplicate of this bug. ***
I added the -r1 of ose from jokey's overlay to the tree. To be stabilised
Everything in version 3.0.8
*** Bug 285451 has been marked as a duplicate of this bug. ***
(In reply to comment #9)
> Everything in version 3.0.8
Except -r1 for ose of course.
amd64 stable, all arches done.
GLSA request filed.
Old versions dropped.
GLSA 201001-04, thanks everyone.