Wednesday, November 12, 2008 5:35 PM cmosby

VMware Products Privilege Escalation Vulnerability - Secunia

 
VMware Products Privilege Escalation Vulnerability
Secunia Advisory: SA32612
Release Date: 2008-11-07

Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

Software: VMware ACE 1.x
VMware ACE 2.x
VMware Player 1.x
VMware Player 2.x
VMware Server 1.x
VMware Workstation 5.x
VMware Workstation 6.x


CVE reference: CVE-2008-4915


Description:
A vulnerability has been reported in various VMware products, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused by an error in the CPU hardware emulation when handling the Trap flag, which can be exploited by a local user on a guest operating system to gain escalated privileges.

See the vendor's advisory for a list of affected products and versions.

Solution:
Update to the latest version or apply patches.

VMware Workstation 6.0.x:
Update to version 6.5.0 build 118166 or later.

VMware Workstation 5.x:
Update to version 5.5.9 build 126128 or later.
http://www.vmware.com/download/ws/ws5.html

VMware Player 1.x:
Update to version 1.0.9 build 126128 or later.
http://www.vmware.com/download/player/

VMware Player 2.0.x:
Update to version 2.5.0 build 118166 or later.

VMware ACE 1.x:
Update to version 1.0.8 build 125922 or later.
http://www.vmware.com/download/ace/

VMware ACE 2.0.x:
Update to version 2.5.0 build 118166 or later.

VMware Server 1.x:
Update to version 1.0.8 build 126538 or later.
http://www.vmware.com/download/server/
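
Added example (not part of the Secunia advisory or of VMware's tooling): a Python check that compares an installed product string against the fixed releases listed above. The "VMware <Product> <version> build-<n>" input layout and the sample inventory lines are assumptions constructed for illustration.

```python
import re

# Fixed releases from the Solution section, keyed by (product, major version).
FIXED = {
    ("Workstation", 6): ((6, 5, 0), 118166),
    ("Workstation", 5): ((5, 5, 9), 126128),
    ("Player", 1): ((1, 0, 9), 126128),
    ("Player", 2): ((2, 5, 0), 118166),
    ("ACE", 1): ((1, 0, 8), 125922),
    ("ACE", 2): ((2, 5, 0), 118166),
    ("Server", 1): ((1, 0, 8), 126538),
}
# Assumed inventory string layout: "VMware <Product> <x.y[.z]> build-<n>".
LINE_RE = re.compile(
    r"VMware\s+(Workstation|Player|ACE|Server)\s+(\d+(?:\.\d+){1,2})\s+build[- ](\d+)",
    re.IGNORECASE,
)
_CANON = {product.lower(): product for product, _ in FIXED}

def check(line):
    """Return (status, detail); status is 'fixed', 'update' or 'unknown'."""
    m = LINE_RE.search(line)
    if not m:
        return "unknown", "unrecognised version string"
    product = _CANON[m.group(1).lower()]
    version = tuple(int(x) for x in m.group(2).split("."))
    version += (0,) * (3 - len(version))  # pad "2.5" to (2, 5, 0)
    build = int(m.group(3))
    target = FIXED.get((product, version[0]))
    if target is None:
        return "unknown", "release line not listed; see VMSA-2008-0018"
    # Tuple comparison: version decides first, build number breaks ties.
    if (version, build) >= target:
        return "fixed", "at or above the listed release"
    fixed_version, fixed_build = target
    return "update", "update to %s build %d or later" % (
        ".".join(map(str, fixed_version)), fixed_build)

# Constructed sample inventory; builds other than the listed fixes are made up.
SAMPLE = [
    "VMware Workstation 6.0.5 build-100000",
    "VMware Workstation 6.5.0 build-118166",
    "VMware Server 1.0.8 build-126537",
    "VMware Server 2.0.0 build-100000",
]
if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", *check(entry))
```

Release lines the advisory does not list are reported as "unknown" rather than guessed, so they can be checked against the vendor's advisory by hand.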

Provided and/or discovered by:
The vendor credits Derek Soeder.

Original Advisory:
VMSA-2008-0018:
http://lists.vmware.com/pipermail/security-announce/2008/000042.html