Computer Security
[EN] securityvulns.ru no-pyccku


VMWare multiple security vulnerabilities
updated since 08.05.2007
Published:19.05.2007
Source:
SecurityVulns ID:7683
Type:local
Threat Level:
5/10
Description:Multiple denial of service conditions against guest and host system.
Affected:VMWARE : VMware Workstation 5.5
 VMWARE : VMware Player 1.0
 VMWARE : VMware Server 1.0
 VMWARE : VMware ACE 1.0
CVE:CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337.)
 CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.)
 CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction.")
 CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.)
 CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).)
Original documentdocumentVMWARE, VMSA-2007-0004.1 Updated: Multiple Denial-of-Service issues fixed and directory traversal vulnerability (19.05.2007)
 documentReversemode, [Reversemode Advisory] VMware Products - GPF Denial of Service (08.05.2007)
 documentVMWARE, VMSA-2007-0004 Multiple Denial-of-Service issues fixed (08.05.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod