Executive Summary

Summary
Title Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues
Informations
Name VMSA-2008-0008 First vendor Publication 2008-05-30
Vendor VMware Last vendor Modification 2008-05-30
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

a. VMware HGFS File System Heap Overflow

The VMware Host Guest File System (HGFS) shared folders feature allows users to transfer data between a guest operating system and the non-virtualized host operating system that contains it.

A heap buffer overflow condition is present in VMware HGFS. Exploitation of this flaw might allow an unprivileged guest process to execute code in the context of the vmx process on the host.

In order to exploit this vulnerability, the VMware system must have at least one folder shared. Two things must happen for a folder to be shared. 1) Shared folders must be enabled, and 2) a folder must be selected from the host system to be shared. No folders are shared by default in any version of our products, which means this vulnerability is not exploitable by default. Workstation 6.x, Player 2.x, and ACE 2.x have shared folders disabled by default.

VMware Server, ESX and ESXi do not provide the shared folders feature. Because there is no back-end for the HGFS protocol on the virtualization host, these products are architecturally immune to this issue.

This issue might not be exploitable on host operating systems which have implemented heap protection.

VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2098 to this issue.

b. Windows based VMCI arbitrary code execution vulnerability

VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, and VMware ACE 2.0. It is an experimental, optional feature that allows virtual machines to communicate with one another.

With VMCI enabled a guest may execute arbitrary code in the context of the vmx process on the host. This is a compiler dependent vulnerability and only affects systems running on windows hosts.

VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2099 to this issues.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2008-0008.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 2
Application 7
Application 4
Application 1

OpenVAS Exploits

Date Description
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w...
File : nvt/glsa_201209_25.nasl
2008-09-25 Name : VMCI/HGFS VmWare Code Execution Vulnerability (Linux)
File : nvt/gb_vmware_prdts_mult_vuln_lin.nasl
2008-09-25 Name : VMCI/HGFS VmWare Code Execution Vulnerability (Win)
File : nvt/gb_vmware_prdts_mult_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
45891 VMware Multiple Products VMCI Arbitrary Local Code Execution

45890 VMware Multiple Products Host Guest File System (HGFS) Shared Folders Feature...

Nessus® Vulnerability Scanner

Date Description
2012-10-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-25.nasl - Type : ACT_GATHER_INFO
2008-06-03 Name : The remote Windows host has an application that is affected by multiple issues.
File : vmware_multiple_vmsa_2008_0008.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 12:07:08
  • Multiple Updates
2013-12-14 21:19:30
  • Multiple Updates