Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.800004
Kategorie:Privilege escalation
Titel:VMware Tools Local Privilege Escalation Vulnerability (Windows)
Zusammenfassung:The host is installed with VMWare product(s) that are vulnerable; to local privilege escalation vulnerability.
Beschreibung:Summary:
The host is installed with VMWare product(s) that are vulnerable
to local privilege escalation vulnerability.

Vulnerability Insight:
An input validation error is present in the Windows-based VMware HGFS.sys
driver. Exploitation of this flaw might result in arbitrary code execution
on the guest system by an unprivileged guest user. The HGFS.sys driver is
present in the guest operating system if the VMware Tools package is loaded
on Windows based Guest OS.

Vulnerability Impact:
Successful exploitation could result in guest OS users to modify
arbitrary memory locations in guest kernel memory and gain privileges.

Affected Software/OS:
VMware ACE 1.x - 1.0.5 build 79846 on Windows

VMware Player 1.x - before 1.0.6 build 80404 on Windows

VMware Server 1.x - before 1.0.5 build 80187 on Windows

VMware Workstation 5.x - before 5.5.6 build 80404 on Windows

Solution:
Upgrade VMware Product(s) to below version,

VMware ACE 1.0.5 build 79846 or later

VMware Player 1.0.6 build 80404 or later

VMware Server 1.0.5 build 80187 or later

VMware Workstation 5.5.6 build 80404 or later.

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2007-5671
Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (Google Search)
http://www.securityfocus.com/archive/1/493080/100/0/threaded
Bugtraq: 20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/493148/100/0/threaded
http://www.securityfocus.com/archive/1/493172/100/0/threaded
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688
http://securitytracker.com/id?1020197
http://secunia.com/advisories/30556
http://securityreason.com/securityalert/3922
http://www.vupen.com/english/advisories/2008/1744
CopyrightCopyright (C) 2008 Greenbone Networks GmbH

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.