CVE-2008-4917 - Resource Management Errors vulnerability in VMware products

CVSS 7.2 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: local, low complexity, vmware, CWE-399, nessus

Summary

Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.

Nessus

  • NASL family: Windows
    NASL id: VMWARE_MULTIPLE_VMSA_2008_0018.NASL
    description: A VMware product installed on the remote host is affected by multiple vulnerabilities: - A CPU hardware emulation flaw in certain VMware products could allow a virtual CPU to incorrectly handle a Trap flag. Successful exploitation of this issue could lead to privilege escalation on the guest operating system. An attacker would need an account on the guest operating system and the ability to run applications to exploit this issue. (CVE-2008-4915) - By sending a malicious request from the guest operating system to the virtual hardware, it may be possible to cause the virtual hardware to write to an uncontrolled section in the physical memory. (CVE-2008-4917)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34818
    published: 2008-11-19
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34818
    title: VMware Products Multiple Vulnerabilities (VMSA-2008-0018/VMSA-2008-0019)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( NASL_LEVEL < 3000 ) exit(0);
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34818);
      script_version("1.19");
      script_cvs_date("Date: 2018/11/15 20:50:29");
    
      script_cve_id("CVE-2008-4915", "CVE-2008-4917");
      script_bugtraq_id(32168, 32597);
      script_xref(name:"VMSA", value:"2008-0018");
      script_xref(name:"VMSA", value:"2008-0019");
      script_xref(name:"Secunia", value:"32612");
    
      script_name(english:"VMware Products Multiple Vulnerabilities (VMSA-2008-0018/VMSA-2008-0019)");
      script_summary(english:"Checks versions of multiple VMware products"); 
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has an application that is affected by multiple
    vulnerabilities." );
      script_set_attribute(attribute:"description", value:
    "A VMware product installed on the remote host is affected by multiple
    vulnerabilities :
    
      - A CPU hardware emulation flaw in certain VMware 
        products could allow a virtual CPU to incorrectly 
        handle a Trap flag.  Successful exploitation of this 
        issue could lead to privilege escalation on the guest 
        operating system.  An attacker would need an account on
        the guest operating system and the ability to run 
        applications to exploit this issue. (CVE-2008-4915)
    
      - By sending a malicious request from the guest operating 
        system to the virtual hardware, it may be possible to 
        cause the virtual hardware to write to an uncontrolled 
        section in the physical memory. (CVE-2008-4917)" );
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2008-0018.html" );
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2008-0019.html" );
      script_set_attribute(attribute:"solution", value:
    "Upgrade to :
    
     - VMware Workstation 6.5.0/5.5.9 or higher.
     - VMware Player 2.5.0/1.0.9 or higher.
     - VMware Server 1.0.8 or higher.
     - VMware ACE 2.5.0/1.0.8 or higher." );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(264, 399);
    
      script_set_attribute(attribute:"plugin_publication_date", value: "2008/11/19");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:ace");
      script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:vmware_player");
      script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:vmware_server");
      script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:vmware_workstation");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
      script_dependencies("vmware_workstation_detect.nasl","vmware_server_win_detect.nasl",
    		      "vmware_player_detect.nasl","vmware_ace_detect.nasl");
      script_require_ports("VMware/Server/Version", "VMware/ACE/Version",
      "VMware/Player/Version", "VMware/Workstation/Version", 139, 445);
      exit(0);
    }
    
    include("global_settings.inc");
    include("smb_func.inc");
    
    port = kb_smb_transport();
    
    # Check for VMware ACE.
    
    version = get_kb_item("VMware/ACE/Version");
    if (version)
    {
     v = split(version, sep:".", keep:FALSE);
    
     for (i=0; i<max_index(v); i++)
        v[i] = int(v[i]);
    
     if (( v[0] == 1  && v[1] == 0 && v[2] < 8 ) ||
         ( v[0] == 2  && v[1] < 5  )
        )
      {
        if (report_verbosity)
        {
          report = string(
             "\n",
             "Version ",version," of VMware ACE is installed on the remote host.",
             "\n"
          );
          security_warning(port:port, extra:report);
        }
        else
           security_warning(port);
      }
    }
    
    # Check for VMware Workstation
    
    version = get_kb_item("VMware/Workstation/Version");
    if (version)
    {
     v = split(version, sep:".", keep:FALSE);
     for (i=0; i<max_index(v); i++)
        v[i] = int(v[i]);
    
     if (( v[0]  < 5 ) ||
         ( v[0] == 5 && v[1]  < 5 ) ||
         ( v[0] == 5 && v[1] == 5 && v[2] < 9 ) ||
         ( v[0] == 6 && v[1] < 5 )
        )
         {
          if (report_verbosity)
          {
            report = string(
              "\n",
              "Version ",version," of VMware Workstation is installed on the remote host.",
              "\n"
            );
            security_warning(port:port, extra:report);
           }  	
           else
       	 security_warning(port);
         }
     exit(0);
    }
    
    # Check for VMware Server
    
    version = get_kb_item("VMware/Server/Version");
    if (version)
    {
     v = split(version, sep:".", keep:FALSE);
     for (i=0; i<max_index(v); i++)
        v[i] = int(v[i]);
    
     if ( ( v[0]  < 1 ) ||
          ( v[0] == 1  && v[1] == 0 && v[2] < 8 )
        )
       {
         if (report_verbosity)
          {
            report = string(
              "\n",
              "Version ",version," of VMware Server is installed on the remote host.",
              "\n"
            );
            security_warning(port:port, extra:report);
           }	
           else
        	security_warning(port);
        }
     exit(0);
    }
    
    # Check for VMware Player
    
    version = get_kb_item("VMware/Player/Version");
    if (version)
    {
     v = split(version, sep:".", keep:FALSE);
     for (i=0; i<max_index(v); i++)
        v[i] = int(v[i]);
    
     if ( ( v[0]  < 1 ) ||
          ( v[0] == 1  && v[1] == 0 && v[2] < 9 ) ||
          ( v[0] == 2  && v[1] < 5 )
        )
       {
         if (report_verbosity)
          {
            report = string(
              "\n",
              "Version ",version," of VMware Player is installed on the remote host.",
              "\n"
            );
            security_warning(port:port, extra:report);
           }
           else
            security_warning(port);
        }
     exit(0);
    }
    
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2008-0019.NASL
    description: a. Critical Memory corruption vulnerability: A memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical memory. VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917 to this issue. b. Updated Service Console package bzip2: bzip2 versions before 1.0.5 can crash if certain flaws in compressed data lead to reading beyond the end of a buffer. This might cause an application linked to the libbz2 library to crash when decompressing malformed archives. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1372 to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40386
    published: 2009-07-27
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40386
    title: VMSA-2008-0019 : VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2008-0019. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40386);
      script_version("1.18");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id("CVE-2008-1372", "CVE-2008-4917");
      script_bugtraq_id(28286);
      script_xref(name:"VMSA", value:"2008-0019");
    
      script_name(english:"VMSA-2008-0019 : VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2");
      script_summary(english:"Checks esxupdate output for the patches");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote VMware ESXi / ESX host is missing one or more
    security-related patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "a. Critical Memory corruption vulnerability
    
       A memory corruption condition may occur in the virtual machine
       hardware. A malicious request sent from the guest operating
       system to the virtual hardware may cause the virtual hardware to
       write to uncontrolled physical memory.
    
       VMware would like to thank Andrew Honig of the Department of
       Defense for reporting this issue.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2008-4917 to this issue.
    
    b. Updated Service Console package bzip2
    
       bzip2 versions before 1.0.5 can crash if certain flaws in compressed
       data lead to reading beyond the end of a buffer.  This might cause
       an application linked to the libbz2 library to crash when
       decompressing malformed archives.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2008-1372 to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2008/000048.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:2.5.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:3.5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2008-12-02");
    flag = 0;
    
    
    if (esx_check(ver:"ESX 2.5.5", patch:"11")) flag++;
    
    if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1006980")) flag++;
    if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1006982")) flag++;
    
    if (
      esx_check(
        ver           : "ESX 3.0.3",
        patch         : "ESX303-200811404-SG",
        patch_updates : make_list("ESX303-Rollup01", "ESX303-Update01")
      )
    ) flag++;
    
    if (
      esx_check(
        ver           : "ESX 3.5.0",
        patch         : "ESX350-200811401-SG",
        patch_updates : make_list("ESX350-200911201-UG", "ESX350-201006401-SG", "ESX350-Update04", "ESX350-Update05", "ESX350-Update05a")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 3.5.0",
        patch         : "ESX350-200811406-SG",
        patch_updates : make_list("ESX350-201012409-SG", "ESX350-Update04", "ESX350-Update05", "ESX350-Update05a")
      )
    ) flag++;
    
    if (esx_check(ver:"ESXi 3.5.0", patch:"ESXe350-200811401-O-SG")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201209-25.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201209-25 (VMware Player, Server, Workstation: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details. Impact: Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information. A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console. Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS). Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62383
    published: 2012-10-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/62383
    title: GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201209-25.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62383);
      script_version("1.24");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id("CVE-2007-5269", "CVE-2007-5503", "CVE-2007-5671", "CVE-2008-0967", "CVE-2008-1340", "CVE-2008-1361", "CVE-2008-1362", "CVE-2008-1363", "CVE-2008-1364", "CVE-2008-1392", "CVE-2008-1447", "CVE-2008-1806", "CVE-2008-1807", "CVE-2008-1808", "CVE-2008-2098", "CVE-2008-2100", "CVE-2008-2101", "CVE-2008-4915", "CVE-2008-4916", "CVE-2008-4917", "CVE-2009-0040", "CVE-2009-0909", "CVE-2009-0910", "CVE-2009-1244", "CVE-2009-2267", "CVE-2009-3707", "CVE-2009-3732", "CVE-2009-3733", "CVE-2009-4811", "CVE-2010-1137", "CVE-2010-1138", "CVE-2010-1139", "CVE-2010-1140", "CVE-2010-1141", "CVE-2010-1142", "CVE-2010-1143", "CVE-2011-3868");
      script_bugtraq_id(25956, 26650, 28276, 28289, 29444, 29552, 29557, 29637, 29639, 29640, 29641, 30131, 30937, 32168, 32597, 33827, 33990, 34373, 34471, 36630, 36841, 36842, 39104, 39392, 39394, 39395, 39396, 39397, 39407, 39949, 49942);
      script_xref(name:"GLSA", value:"201209-25");
      script_xref(name:"IAVA", value:"2008-A-0045");
    
      script_name(english:"GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201209-25
    (VMware Player, Server, Workstation: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in VMware Player, Server,
          and Workstation. Please review the CVE identifiers referenced below for
          details.
      
    Impact :
    
        Local users may be able to gain escalated privileges, cause a Denial of
          Service, or gain sensitive information.
        A remote attacker could entice a user to open a specially crafted file,
          possibly resulting in the remote execution of arbitrary code, or a Denial
          of Service. Remote attackers also may be able to spoof DNS traffic, read
          arbitrary files, or inject arbitrary web script to the VMware Server
          Console.
        Furthermore, guest OS users may be able to execute arbitrary code on the
          host OS, gain escalated privileges on the guest OS, or cause a Denial of
          Service (crash the host OS).
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201209-25"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Gentoo discontinued support for VMware Player. We recommend that users
          unmerge VMware Player:
          # emerge --unmerge 'app-emulation/vmware-player'
        NOTE: Users could upgrade to
          “>=app-emulation/vmware-player-3.1.5”, however these packages are
          not currently stable.
        Gentoo discontinued support for VMware Workstation. We recommend that
          users unmerge VMware Workstation:
          # emerge --unmerge 'app-emulation/vmware-workstation'
        NOTE: Users could upgrade to
          “>=app-emulation/vmware-workstation-7.1.5”, however these packages
          are not currently stable.
        Gentoo discontinued support for VMware Server. We recommend that users
          unmerge VMware Server:
          # emerge --unmerge 'app-emulation/vmware-server'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploithub_sku", value:"EH-14-757");
      script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Vmware Server File Disclosure");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(16, 20, 22, 94, 119, 134, 189, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vmware-player");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vmware-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vmware-workstation");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-emulation/vmware-server", unaffected:make_list(), vulnerable:make_list("le 1.0.9.156507"))) flag++;
    if (qpkg_check(package:"app-emulation/vmware-workstation", unaffected:make_list(), vulnerable:make_list("le 6.5.5.328052"))) flag++;
    if (qpkg_check(package:"app-emulation/vmware-player", unaffected:make_list(), vulnerable:make_list("le 2.5.5.328052"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VMware Player / Server / Workstation");
    }
    

Oval

accepted: 2010-05-17T04:00:12.756-04:00
class: vulnerability
contributors:
  • name: Michael Wood
    organization: Hewlett-Packard
  • name: Michael Wood
    organization: Hewlett-Packard
  • name: J. Daniel Brown
    organization: DTCC
definition_extensions:
  • comment: VMWare ESX Server 3.0.3 is installed
    oval: oval:org.mitre.oval:def:6026
  • comment: VMWare ESX Server 3.0.2 is installed
    oval: oval:org.mitre.oval:def:5613
  • comment: VMware ESX Server 3.5.0 is installed
    oval: oval:org.mitre.oval:def:5887
description: Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.
family: unix
id: oval:org.mitre.oval:def:6246
status: accepted
submitted: 2009-09-23T15:39:02.000-04:00
title: VMware ESX Virtual Hardware Memory Access Bug Lets Local Users Gain Elevated Privileges
version: 6

Seebug

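bulletinFamily: exploit
description: BUGTRAQ ID: 32597. CVE(CAN) ID: CVE-2008-4917. VMWare is virtual PC software that allows two or more Windows, DOS, or Linux systems to run simultaneously on one machine. If the guest operating system sends a malicious request to the virtual hardware, memory corruption may be triggered, causing the virtual hardware to write to an uncontrolled region of physical memory. An attacker who successfully exploits this vulnerability can take complete control of the host system or cause a denial of service. VMWare Workstation 6.0.x, VMWare Workstation 5.x, VMWare ACE 2.0.x, VMWare ACE 1.x, VMWare Player 2.0.x, VMWare Player 1.x, VMWare Server 1.x, VMWare Fusion 1.x, VMWare ESX 3.5, VMWare ESX 3.0.3, VMWare ESX 3.0.2, VMWare ESXi 3.5. VMWare: the vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.vmware.com
id: SSV:4528
last seen: 2017-11-19
modified: 2008-12-05
published: 2008-12-05
reporter: Root
title: VMware virtual hardware memory corruption vulnerability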