RETIRED: VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities
BID:39345
Info
RETIRED: VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities
| Bugtraq ID: | 39345 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 09 2010 12:00AM |
| Updated: | Apr 13 2010 03:32PM |
| Credit: | Jure Skofic, Mitja Kolsek, Thierry Zoller, iDefense, Sebastien Renaud, Alin Rad Pop, Alexey Sintsov,Johann MacDonagh, Thomas Toth-Steiner |
| Vulnerable: |
VMWare Workstation 6.5.3 VMWare Workstation 6.5.2 VMWare Workstation 6.5.1 VMWare Workstation 6.5 build 118166 VMWare Workstation 7.0 VMWare VIX API 1.6 VMWare Server 2.0.2 Build 203138 VMWare Server 2.0.2 VMWare Server 2.0.1 build 156745 VMWare Server 2.0.1 VMWare Server 2.0 VMWare Player 2.5.3 VMWare Player 2.5.2 VMWare Player 2.5.1 VMWare Player 2.5 build 118166 VMWare Player 3.0 VMWare Fusion 2.0.6 Build 196839 VMWare Fusion 2.0.6 VMWare Fusion 2.0.5 VMWare Fusion 2.0.4 VMWare Fusion 2.0.3 VMWare Fusion 2.0.2 build 147997 VMWare Fusion 3.0 VMWare Fusion 2 VMWare ESXi Server 4.0 VMWare ESXi Server 3.5 VMWare ESX Server 3.0.3 VMWare ESX Server 2.5.5 VMWare ESX Server 4.0 VMWare ESX Server 3.5 VMWare ACE 2.5.3 Build 185404 VMWare ACE 2.5.2 build 156735 VMWare ACE 2.5.2 VMWare ACE 2.5.1 VMWare ACE 2.5 build 118166 VMWare ACE 2.6 |
| Not Vulnerable: | |
Discussion
RETIRED: VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities
VMware-hosted products are prone to multiple remote and local vulnerabilities:
- A remote arbitrary code-execution vulnerability
- A privilege-escalation vulnerability
- Multiple heap-based buffer-overflow vulnerabilities
- Multiple format-string vulnerabilities
- A remote denial-of-service vulnerability
- An information-disclosure vulnerability
An attacker can exploit these issues to execute arbitrary code, elevate privileges, cause denial-of-service conditions, and obtain sensitive information. Other attacks are also possible.
This BID is being retired. The following individual records exist to better document these issues:
39407 VMware 'vmrun' Local Privilege Escalation Vulnerability
39395 VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability
39392 VMware Hosted Products VMware Tools Library Reference Remote Code Execution Vulnerability
39394 VMware Hosted Products VMware Tools Local Privilege Escalation Vulnerability
39397 VMware Hosted Products USB Service Local Privilege Escalation Vulnerability
39396 VMware Remote Console 'connect' Method Remote Format String Vulnerability
39363 VMware Hosted Products HexTile Encoded Video Chunk Heap Buffer Overflow Vulnerability
39364 VMware Hosted Products Integer Truncation Multiple Heap Buffer Overflow Vulnerabilities
36630 VMware Player and Workstation 'vmware-authd' Remote Denial of Service Vulnerability
VMware-hosted products are prone to multiple remote and local vulnerabilities:
- A remote arbitrary code-execution vulnerability
- A privilege-escalation vulnerability
- Multiple heap-based buffer-overflow vulnerabilities
- Multiple format-string vulnerabilities
- A remote denial-of-service vulnerability
- An information-disclosure vulnerability
An attacker can exploit these issues to execute arbitrary code, elevate privileges, cause denial-of-service conditions, and obtain sensitive information. Other attacks are also possible.
This BID is being retired. The following individual records exist to better document these issues:
39407 VMware 'vmrun' Local Privilege Escalation Vulnerability
39395 VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability
39392 VMware Hosted Products VMware Tools Library Reference Remote Code Execution Vulnerability
39394 VMware Hosted Products VMware Tools Local Privilege Escalation Vulnerability
39397 VMware Hosted Products USB Service Local Privilege Escalation Vulnerability
39396 VMware Remote Console 'connect' Method Remote Format String Vulnerability
39363 VMware Hosted Products HexTile Encoded Video Chunk Heap Buffer Overflow Vulnerability
39364 VMware Hosted Products Integer Truncation Multiple Heap Buffer Overflow Vulnerabilities
36630 VMware Player and Workstation 'vmware-authd' Remote Denial of Service Vulnerability
Exploit / POC
RETIRED: VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities
Some issues may not require exploits. For other issue currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Some issues may not require exploits. For other issue currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
RETIRED: VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities
Solution:
The vendor has released an advisory and patches to address these issues. Please see the references for more information.
Solution:
The vendor has released an advisory and patches to address these issues. Please see the references for more information.
References
RETIRED: VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities
References:
References: