Búsqueda de    
Vulnerabilidad   
    Buscar 202850 Descripciones CVE y
87302 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.801143
Categoría:Privilege escalation
Título:VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Linux)
Resumen:The host is installed with VMWare product(s) and is prone to; Privilege Escalation vulnerability.
Descripción:Summary:
The host is installed with VMWare product(s) and is prone to
Privilege Escalation vulnerability.

Vulnerability Insight:
An error occurs while setting the exception code when a '#PF' (page fault)
exception arises and can be exploited to gain escalated privileges within the VMware guest.

Vulnerability Impact:
Local attacker can exploit this issue to gain escalated privileges in a guest
virtual machine.

Affected Software/OS:
VMware Server version 2.0.x prior to 2.0.2 Build 203138,
VMware Server version 1.0.x prior to 1.0.10 Build 203137,
VMware Player version 2.5.x prior to 2.5.3 Build 185404,
VMware Workstation version 6.5.x prior to 6.5.3 Build 185404 on Linux.

Solution:
Upgrade your VMWare product according to the referenced vendor advisory.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 36841
Common Vulnerability Exposure (CVE) ID: CVE-2009-2267
http://www.securityfocus.com/bid/36841
Bugtraq: 20091027 Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation (Google Search)
http://www.securityfocus.com/archive/1/507539/100/0/threaded
Bugtraq: 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues (Google Search)
http://www.securityfocus.com/archive/1/507523/100/0/threaded
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://lists.vmware.com/pipermail/security-announce/2009/000069.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473
http://securitytracker.com/id?1023082
http://securitytracker.com/id?1023083
http://secunia.com/advisories/37172
http://www.vupen.com/english/advisories/2009/3062
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 87302 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2021 E-Soft Inc. Todos los derechos reservados.