|
|
>> VMware Products Command Execution and Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in various VMware products, which could be exploited by attackers or malicious users to bypass security restrictions, cause a denial of service or take complete control of an affected system.
The first issue is caused by an unspecified memory corruption error that could allow a guest operating system user with administrative privileges to execute arbitrary code on the host system.
The second vulnerability is caused by an unspecified error that could allow a guest operating system user to cause a host process to become unresponsive or exit unexpectedly, creating a denial of service condition.
The third issue is caused by integer overflow and underflow errors in the DHCP server when processing malformed requests, which could be exploited by remote attackers to compromise an affected system.
The fourth vulnerability is caused by input validation errors in the "IntraProcessLogging.dll" and "vielib.dll" librairies, which could be exploited by attackers to overwrite arbitrary files.
The fifth issue is caused due to registered Windows services being started in an insecure manner, which could be exploited by malicious users to gain elevated privileges.
The sixth vulnerability is caused by an unspecified error that could prevent VMware Player from launching, leading to a denial of service condition.
Other security issues related to Samba, Bind, krb5, vixie-cron, shadow-utils, OpenLDAP, PAM, GCC and GDB have been addressed. For additional information, see : VUPEN/ADV-2007-1805 - VUPEN/ADV-2007-0349 - VUPEN/ADV-2007-2337 - VUPEN/ADV-2007-1412 - VUPEN/ADV-2006-2006 - VUPEN/ADV-2006-3824 - VUPEN/ADV-2006-2866 - VUPEN/ADV-2006-3433
Affected Products
VMware Workstation version 6.0.0 and prior
VMware Workstation version 5.5.4 and prior
VMware Player version 1.0.4 and prior
VMware Player version 2.0.0 and prior
VMware Server version 1.0.3 and prior
VMware ACE version 1.0.3 and prior
VMware ACE version 2.0.0 and prior
VMware ESX version 3.0.2 and prior
VMware ESX version 3.0.1 and prior
VMware ESX version 3.0.0 and prior
VMware ESX version 2.5.4 and prior
VMware ESX version 2.5.3 and prior
VMware ESX version 2.1.3 and prior
VMware ESX version 2.0.2 and prior
Solution
Apply patches :
http://www.vmware.com/download/
References
http://www.vupen.com/english/advisories/2007/3229
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vmware.com/download/ws/ws5.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Credits
Vulnerabilities reported by Rafal Wojtczvk (McAfee), Neel Mehta and Ryan Smith (ISS X-Force), Goodfellas Security Research Team and Foundstone.
ChangeLog
2007-09-20 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
