Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.801143
Kategorie:Privilege escalation
Titel:VMware Products Guest Privilege Escalation Vulnerability - Nov09 (Linux)
Zusammenfassung:The host is installed with VMWare product(s) and is prone to; Privilege Escalation vulnerability.
Beschreibung:Summary:
The host is installed with VMWare product(s) and is prone to
Privilege Escalation vulnerability.

Vulnerability Insight:
An error occurs while setting the exception code when a '#PF' (page fault)
exception arises and can be exploited to gain escalated privileges within
the VMware guest.

Vulnerability Impact:
Local attacker can exploit this issue to gain escalated privileges in a guest
virtual machine.

Affected Software/OS:
VMware Server version 2.0.x prior to 2.0.2 Build 203138,
VMware Server version 1.0.x prior to 1.0.10 Build 203137,
VMware Player version 2.5.x prior to 2.5.3 Build 185404,
VMware Workstation version 6.5.x prior to 6.5.3 Build 185404 on Linux.

Solution:
Upgrade your VMWare product according to the referenced vendor advisory.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 36841
Common Vulnerability Exposure (CVE) ID: CVE-2009-2267
http://www.securityfocus.com/bid/36841
Bugtraq: 20091027 Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation (Google Search)
http://www.securityfocus.com/archive/1/507539/100/0/threaded
Bugtraq: 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues (Google Search)
http://www.securityfocus.com/archive/1/507523/100/0/threaded
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://lists.vmware.com/pipermail/security-announce/2009/000069.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473
http://securitytracker.com/id?1023082
http://securitytracker.com/id?1023083
http://secunia.com/advisories/37172
http://www.vupen.com/english/advisories/2009/3062
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.