Computer Security


VMware privilege escalation
Published: 10.05.2012
Source:
SecurityVulns ID: 12368
Type: local
Threat Level: 5/10
Description: Uninitialized memory reference on guest system call processing.
Affected: VMWARE : VMware Workstation 7.1
 VMWARE : VMware Player 3.1
 VMWARE : ESXi 4.1
CVE: CVE-2012-2450 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.)
 CVE-2012-2449 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.)
 CVE-2012-2448 (VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic.)
 CVE-2012-1517 (The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers.)
 CVE-2012-1516 (The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.)
Original document: VMWARE, VMSA-2012-0009 VMware Workstation, Player, ESXi and ESX patches address critical security issues (10.05.2012)
 ds.adv.pub_(at)_gmail.com, VMware Backdoor Response Uninitialized Memory Potential VM Break (10.05.2012)
 ds.adv.pub_(at)_gmail.com, VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break (10.05.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod