 |
Inicial ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles Site
Analyzer ▼
Inicial
Análisis Avanzado
Análisis Estándar
Análisis Básico
Resumen de Precios/Funciones
Ordenar
Preguntas Frecuentes
Ejecutar Análisis Reportes Ver Cola Recordatorio | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.801143 |
| Categoría: | Privilege escalation |
| Título: | VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Linux) |
| Resumen: | The host is installed with VMWare product(s) and is prone to; Privilege Escalation vulnerability. |
| Descripción: | Summary: The host is installed with VMWare product(s) and is prone to Privilege Escalation vulnerability. Vulnerability Insight: An error occurs while setting the exception code when a '#PF' (page fault) exception arises and can be exploited to gain escalated privileges within the VMware guest. Vulnerability Impact: Local attacker can exploit this issue to gain escalated privileges in a guest virtual machine. Affected Software/OS: VMware Server version 2.0.x prior to 2.0.2 Build 203138, VMware Server version 1.0.x prior to 1.0.10 Build 203137, VMware Player version 2.5.x prior to 2.5.3 Build 185404, VMware Workstation version 6.5.x prior to 6.5.3 Build 185404 on Linux. Solution: Upgrade your VMWare product according to the referenced vendor advisory. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
BugTraq ID: 36841 Common Vulnerability Exposure (CVE) ID: CVE-2009-2267 http://www.securityfocus.com/bid/36841 Bugtraq: 20091027 Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation (Google Search) http://www.securityfocus.com/archive/1/507539/100/0/threaded Bugtraq: 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues (Google Search) http://www.securityfocus.com/archive/1/507523/100/0/threaded http://security.gentoo.org/glsa/glsa-201209-25.xml http://lists.vmware.com/pipermail/security-announce/2009/000069.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473 http://securitytracker.com/id?1023082 http://securitytracker.com/id?1023083 http://secunia.com/advisories/37172 http://www.vupen.com/english/advisories/2009/3062 |
| Copyright | Copyright (C) 2009 Greenbone Networks GmbH |
| Esta es sólo una de 87302 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |