|
|
>> VMware Security Update Fixes Multiple Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in VMware Server and Workstation, which could be exploited by attackers or malicious users to bypass security restrictions, cause a denial of service, or obtain elevated privileges.
The first issue is caused by errors in OpenSSL. For additional information, see : VUPEN/ADV-2006-3453 - VUPEN/ADV-2006-3820
The second vulnerability is caused by an error in "authd" when connecting to a named pipe, which could be exploited by a malicious user to execute arbitrary code with SYSTEM privileges by causing the "authd" process to connect to a named pipe that is opened and controlled by the attacker.
The third issue is caused by an error when handling insecurely created named pipe objects, which could be exploited by malicious users to gain elevated privileges or cause a denial of service.
The fourth issue is caused by errors in libpng. For additional information, see : VUPEN/ADV-2007-3391 - VUPEN/ADV-2007-3390
The fifth vulnerability is caused by an error in the shared folders feature. For additional information, see : VUPEN/ADV-2008-0679
The sixth issue is caused by insecure permissions being set on the "config.ini" file, which could be exploited by unprivileged users to bypass security restrictions or gain elevated privileges by manipulating the VMX launch or full path.
The seventh vulnerability is caused by an unspecified error that could allow anonymous console access to the guest by means of the VIX API.
The eighth issue is caused by errors in certain services being improperly registered on Windows 2000 hosted products, which could be exploited by malicious users to gain elevated privileges.
The ninth vulnerability is caused by an error in the DHCP service, which could be exploited to cause a denial of service.
The tenth issue is caused by a memory corruption error in the Virtual Machine Communication Interface (VMCI), which could be exploited to cause a denial of service.
Affected Products
VMware Workstation version 6.0.2 and prior
VMware Workstation version 5.5.4 and prior
VMware Player version 2.0.2 and prior
VMware Player version 1.0.4 and prior
VMware ACE version 2.0.2 and prior
VMware ACE version 1.0.2 and prior
VMware Server version 1.0.4 and prior
VMware Fusion version 1.1 and prior
Solution
Upgrade to VMware Server version 1.0.5, VMware Workstation version 6.0.3 or 5.5.5, VMware ACE version 2.0.3 or 1.0.5, VMware Fusion version 1.1.1, and VMware Player version 2.0.3 or 1.0.6 :
http://www.vmware.com/download/
References
http://www.vupen.com/english/advisories/2008/0905
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
Credits
Vulnerabilities reported by the vendor, CORE Security Technologies, Sun Bing, Ray Hicken, David Maciejak, Martin O'Neal, and Andrew Honig (Department of Defense).
ChangeLog
2008-03-17 : Initial release
2008-03-18 : Updated Advisory
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
