Monday, October 06, 2008 4:22 PM cmosby

VMware ESX / ESXi "JMP" Privilege Escalation Vulnerability - Secunia

 
VMware ESX / ESXi "JMP" Privilege Escalation Vulnerability
Secunia Advisory: SA32157
Release Date: 2008-10-06

Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

OS: VMware ESX Server 3.x
VMware ESXi 3.x


CVE reference: CVE-2008-4279


Description:
A vulnerability has been reported in VMware ESX / ESXi, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused by an error in the emulation of "JMP" instructions to "non-canonical" 64-bit addresses. This can be exploited to run arbitrary code with escalated privileges inside a VMware guest.
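
What "non-canonical" means here, and the target check an instruction emulator has to make before committing a jump, shown as an added example (not code from VMware, Secunia, or the original advisory). It assumes 48-bit virtual addresses; `struct vcpu`, `is_canonical` and `emulate_jmp_rel32` are hypothetical names, and the fault handling is a simplified model.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 48-bit virtual addresses (4-level paging). */
#define VA_BITS 48

/* 13 is the x86 vector number of the general-protection fault (#GP). */
enum step_result { STEP_OK = 0, STEP_FAULT_GP = 13 };

/* Hypothetical, minimal emulator state: only the instruction pointer. */
struct vcpu { uint64_t rip; };

/* An address is canonical when bits 63..47 are all copies of bit 47. */
static int is_canonical(uint64_t addr)
{
    uint64_t upper = addr >> (VA_BITS - 1);               /* bits 63..47 */
    uint64_t all_ones = (1ULL << (64 - VA_BITS + 1)) - 1; /* 17 set bits */
    return upper == 0 || upper == all_ones;
}

/*
 * Emulate a near relative JMP. The target is the address of the next
 * instruction plus a sign-extended 32-bit displacement. A non-canonical
 * target must produce #GP and leave RIP unchanged; it must never be
 * loaded into the emulated instruction pointer.
 */
static enum step_result emulate_jmp_rel32(struct vcpu *cpu,
                                          uint64_t insn_len, int32_t rel)
{
    uint64_t target = cpu->rip + insn_len + (uint64_t)(int64_t)rel;

    if (!is_canonical(target))
        return STEP_FAULT_GP;
    cpu->rip = target;
    return STEP_OK;
}

int main(void)
{
    /* Constructed sample: a JMP placed just below the canonical boundary. */
    struct vcpu cpu = { 0x00007FFFFFFFFFFAULL };
    enum step_result r = emulate_jmp_rel32(&cpu, 5, 0x10);

    printf("result=%d rip=%#llx\n", (int)r, (unsigned long long)cpu.rip);
    return 0;
}
```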

Solution:
Apply vendor patches.

VMware ESXi 3.5:
Apply patch ESXe350-200809401-O-SG.
http://download3.vmware.com/software/esx/ESXe350-200809401-O-SG.zip

VMware ESX 3.5:
Apply patch ESX350-200809404-SG.
http://download3.vmware.com/software/esx/ESX350-200809404-SG.zip

VMware ESX 3.0.3:
Apply patch ESX303-200809401.
http://download3.vmware.com/software/vi/ESX303-200809401-SG.zip

VMware ESX 3.0.2:
Apply patch ESX-1006361.
http://download3.vmware.com/software/vi/ESX-1006361.tgz

VMware ESX 3.0.1:
Apply patch ESX-1006678.
http://download3.vmware.com/software/vi/ESX-1006678.tgz

Provided and/or discovered by:
The vendor credits Derek Soeder.

Original Advisory:
VMware:
http://www.vmware.com/security/advisories/VMSA-2008-0016.html

Derek Soeder:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html