CVE-2009-3692

VirtualBox <3.0.8 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3692. PoCs published by prdelka.

AI-analyzed exploit summary This exploit leverages a popen() meta-character shell injection vulnerability in Sun VirtualBox <= 3.0.6 to achieve local privilege escalation. It creates a SUID root shell by exploiting the VBoxNetAdpCtl binary's improper handling of command-line arguments.

Description

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by prdelka · bashlocalmultiple

https://www.exploit-db.com/exploits/9973

View Code ZIP pw:eip

This exploit leverages a popen() meta-character shell injection vulnerability in Sun VirtualBox <= 3.0.6 to achieve local privilege escalation. It creates a SUID root shell by exploiting the VBoxNetAdpCtl binary's improper handling of command-line arguments.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Sun VirtualBox <= 3.0.6

No auth needed

Prerequisites: Local access to the system · VirtualBox <= 3.0.6 installed · Presence of VBoxNetAdpCtl binary

MITRE ATT&CK