VMware ESX / ESXi Privilege Escalation and Directory Traversal Vulnerability - Secunia

Wednesday, November 12, 2008 5:15 PM cmosby

VMware ESX / ESXi Privilege Escalation and Directory Traversal Vulnerability - Secunia

VMware ESX / ESXi Privilege Escalation and Directory Traversal Vulnerability

Secunia Advisory: SA32624

Release Date: 2008-11-07 Popularity: 749 views
Critical:
Less critical Impact: Privilege escalation
Where: Local system Solution Status: Vendor Patch
OS:VMware ESX Server 2.x
VMware ESX Server 3.x
VMware ESXi 3.x

Subscribe: Instant alerts on relevant vulnerabilities
CVE reference:CVE-2008-4915
CVE-2008-4281

Description:
Some vulnerabilities have been reported in VMware ESX and ESXi, which can be exploited by malicious, local users to gain escalated privileges.

1) A vulnerability in the CPU hardware emulation can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA32612

This vulnerability is reported in VMware ESX 2.5.4, 2.5.5, 3.0.2, 3.0.3, 3.5, and ESXi 3.5.

2) An unspecified input validation error can be exploited by administrators to gain escalated privileges via directory traversal attacks.

Successful exploitation requires that an administrator has the "Datastore.FileManagement" privilege.

This vulnerability is reported in VMware ESX 3.5 and ESXi 3.5.

Solution:
Update to the latest version or apply patches.

-- VMware ESXi --

ESXi 3.5:
Apply patch ESXe350-200810401-O-UG.
http://download3.vmware.com/software/vi/ESXe350-200810401-O-UG.zip

-- VMware ESX --

ESX 3.5:
Apply patch ESX350-200810201-UG.
http://download3.vmware.com/software/vi/ESX350-200810201-UG.zip

ESX 3.0.3:
Apply patch ESX303-200810501-BG.
http://download3.vmware.com/software/vi/ESX303-200810501-BG.zip

ESX 3.0.2:
Apply patch ESX-1006680.
http://download3.vmware.com/software/vi/ESX-1006680.tgz

VMware ESX 2.5.5:
Apply Patch 10.
http://download3.vmware.com/software/esx/esx-2.5.5-119702-upgrade.tar.gz

VMware ESX 2.5.4:
Apply Patch 21
http://download3.vmware.com/software/esx/esx-2.5.4-119703-upgrade.tar.gz

Provided and/or discovered by:
The vendor credits:
1) Derek Soeder
2) Michel Toussaint

Original Advisory:
VMSA-2008-0018:
http://lists.vmware.com/pipermail/security-announce/2008/000042.html

Other References:
SA32612:
http://secunia.com/advisories/32612/

Filed under: Security, Virtualization, Enterprise Applications, Software Vulnerabilites

Comments

No Comments

Chris Mosby at myITforum.com

Search

Tags

News

Unique Visitors

Navigation

Archives

Microsoft Links

SMS Links

Great Blogs

My Links

Security Links

Anti-Virus Links

Things I Have Done or I Am Involved In

Published Works

VMware ESX / ESXi Privilege Escalation and Directory Traversal Vulnerability - Secunia

Comments