Contact | Site en Français               

 


 

VUPEN VNS v4.0
 
  Features and Options
  Free 14-Day Trial

  Partner Program
  Receive More Information
 
   
 

Latest Intelligence
 
  VUPEN Security Advisories

  Virus and Malware Alerts
  VUPEN Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> VMware Products Code Execution and Denial of Service Vulnerabilities

Title : VMware Products Code Execution and Denial of Service Vulnerabilities
VUPEN ID : VUPEN/ADV-2009-0944
CVE ID : CVE-2008-3761 - CVE-2008-4916 - CVE-2009-0177 - CVE-2009-0518 - CVE-2009-0908 - CVE-2009-0909 - CVE-2009-0910 - CVE-2009-1146 - CVE-2009-1147 - CVE-2009-1244
CWE ID : VUPEN VNS Only
CVSS V2 : VUPEN VNS Only
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2009-04-06


Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format 

Multiple vulnerabilities have been identified in various VMware products, which could be exploited by attackers or malicious users to cause a denial of service, gain elevated privileges, or execute arbitrary code.

The first issue is caused by an unspecified error in a guest virtual device driver, which could allow a guest operating system to crash the host, creating a denial of service condition.

The second vulnerability is caused by unspecified errors in an ioctl in "hcmon.sys", which could be exploited by a privileged Windows account to create a denial of service on a Windows-based host.

The third vulnerability is caused by an error in the Virtual Machine Communication Interface (VMCI) driver (vmci.sys), which could allow privilege escalation on Windows-based machines (hosts and guests). VMware ESX is not affected.

The fourth issue is caused by heap overflow errors in the VNnc Codec, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a malicious web page or opening a specially crafted video file. VMware ESX is not affected.

The fifth issue is caused by an error in the "vmware-authd" daemon when processing overly long data, which could be exploited to cause a denial of service. For additional information, see : VUPEN/ADV-2009-0024

The sixth weakness is caused due to the password for VirtualCenter Server being present in the memory of the VI Client after logging in to VirtualCenter Server with VI Client.

The seventh issue is caused by an unspecified error in the ACE shared folders, which could allow a previously disabled and not removed shared folder in the guest to be enabled by a non ACE Administrator. The issues only affects VMware ACE.

The eighth vulnerability is caused by an unspecified error in the virtual machine display function, which may allow a guest operating system to run code on the host.

Affected Products

VMware Workstation version 6.5.1 and prior
VMware Player version 2.5.1 and prior
VMware ACE version 2.5.1 and prior
VMware Server version 2.0
VMware Server version 1.0.8 and prior
VMware ESXi version 3.5
VMware ESX version 3.5
VMware ESX version 3.0.3
VMware ESX version 3.0.2
VMware Fusion version 2.0.3 and prior

Solution

Upgrade to VMware Workstation version 6.5.2 :
http://www.vmware.com/download/ws/

Upgrade to VMware Player version 2.5.2 :
http://www.vmware.com/download/player/

Upgrade to VMware ACE version 2.5.2 :
http://www.vmware.com/download/ace/

Upgrade to VMware Server version 2.0.1 or 1.0.9 :
http://www.vmware.com/download/server/

Upgrade to VirtualCenter version 2.5 Update 4 :
http://www.vmware.com/download/download.do

VMware ESXi 3.5 - Apply patches ESXe350-200811401-O-SG and ESXe350-200903201-O-UG :
http://download3.vmware.com/software/vi/ESXe350-200811401-O-SG.zip
http://download3.vmware.com/software/vi/ESXe350-200903201-O-UG.zip

VMware ESX 3.5 - Apply patches ESX350-200811401-SG and ESX350-200903201-UG :
http://download3.vmware.com/software/vi/ESX350-200811401-SG.zip
http://download3.vmware.com/software/vi/ESX350-200903201-UG.zip

VMware ESX 3.0.3 - Apply patch ESX303-200811401-BG :
http://download3.vmware.com/software/vi/ESX303-200811401-BG.zip

VMware ESX 3.0.2 - Apply patch ESX-1006980 :
http://download3.vmware.com/software/vi/ESX-1006980.tgz

References

http://www.vupen.com/english/advisories/2009/0944
http://lists.vmware.com/pipermail/security-announce/2009/000054.html
http://lists.vmware.com/pipermail/security-announce/2009/000055.html
http://dvlabs.tippingpoint.com/advisory/TPTI-09-02
http://dvlabs.tippingpoint.com/advisory/TPTI-09-01
http://en.securitylab.ru/lab/PT-2008-07
http://en.securitylab.ru/lab/PT-2008-05

Credits

Vulnerabilities reported by Andrew Honig (DoD), Nikita Tarakanov, Aaron Portnoy (TippingPoint DVLabs) and ZDI, and Craig Marshall.

ChangeLog

2009-04-06 : Initial release
2009-04-07 : Updated References
2009-04-10 : Updated Description

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

VUPEN Vulnerability
Notification Service
 

Latest Advisories
  

   
    





Copyright VUPEN © 2004-2010 - Privacy Policy