
Test ID: 1.3.6.1.4.1.25623.1.0.800006
Category: Privilege escalation
Title: VMware Product(s) Local Privilege Escalation Vulnerability
Summary: The host has VMware product(s) installed that are vulnerable to a local privilege escalation vulnerability.
Description:
Summary:
The host has VMware product(s) installed that are vulnerable
to a local privilege escalation vulnerability.

Vulnerability Insight:
The issue is due to local exploitation of an untrusted library path in
vmware-authd.

The VMware VIX API (Application Program Interface) fails to adequately bounds
check user-supplied input before copying it to an insufficiently sized buffer.

Vulnerability Impact:
Successful exploitation could result in arbitrary code execution
on a Linux-based host system by an unprivileged user and can also crash the
application.

Local access is required in order to execute the set-uid vmware-authd.
Also, the vix.inGuest.enable configuration must be set.

Affected Software/OS:
VMware Player 1.x - before 1.0.7 build 91707 on Linux

VMware Player 2.x - before 2.0.4 build 93057 on Linux

VMware Server 1.x - before 1.0.6 build 91891 on Linux

VMware Workstation 5.x - before 5.5.7 build 91707 on Linux

VMware Workstation 6.x - before 6.0.4 build 93057 on Linux

Solution:
Upgrade the VMware product(s) to one of the versions below:

VMware Player 1.0.7 build 91707 or 2.0.4 build 93057 or later

VMware Server 1.0.6 build 91891 or later

VMware Workstation 5.5.7 build 91707 or 6.0.4 build 93057 or later.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-reference: BugTraq ID: 29552
Common Vulnerability Exposure (CVE) ID: CVE-2008-0967
BugTraq ID: 29557
http://www.securityfocus.com/bid/29557
Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (Google Search)
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583
http://securitytracker.com/id?1020198
http://secunia.com/advisories/30556
http://securityreason.com/securityalert/3922
http://www.vupen.com/english/advisories/2008/1744
XForce ISS Database: vmware-vmwareauthd-privilege-escalation(42878)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42878
Common Vulnerability Exposure (CVE) ID: CVE-2008-2100
http://www.securityfocus.com/bid/29552
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647
http://securitytracker.com/id?1020200
XForce ISS Database: vmware-vixapi-multiple-unspecified-bo(42872)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42872
Copyright: Copyright (C) 2008 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.