Computer Security
[EN] no-pyccku

VMWare multiple security vulnerabilities
updated since 05.06.2008
SecurityVulns ID:9055
Threat Level:
Description:Multiple privilege escalation in guest OS.
Affected:VMWARE : VMware Workstation 5.5
 VMWARE : VMware Player 1.0
 VMWARE : VMware Server 1.0
 VMWARE : VMware ACE 1.0
 VMWARE : VMWare Workstation 6.0
 VMWARE : VMware Player 2.0
 VMWARE : VMWare ACE 2.0
 VMWARE : VMware Fusion 1.1
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware ESXi 3.0
 VMWARE : VMware ESXi 2.5
CVE:CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length.")
 CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.)
 CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.)
Original documentdocumentVMWARE, iDefense Security Advisory 06.04.08: VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability (05.06.2008)
 documentIDEFENSE, iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability (05.06.2008)
 documentVMWARE, VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (05.06.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod