Vulnerabilities > CVE-2008-4917 - Resource Management Errors vulnerability in VMWare products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id VMWARE_MULTIPLE_VMSA_2008_0018.NASL description A VMware product installed on the remote host is affected by multiple vulnerabilities : - A CPU hardware emulation flaw in certain VMware products could allow a virtual CPU to incorrectly handle a Trap flag. Successful exploitation of this issue could lead to privilege escalation on the guest operating system. An attacker would need an account on the guest operating system and the ability to run applications to exploit this issue. (CVE-2008-4915) - By sending a malicious request from the guest operating system to the virtual hardware, it may be possible to cause the virtual hardware to write to an uncontrolled section in the physical memory. (CVE-2008-4917) last seen 2020-06-01 modified 2020-06-02 plugin id 34818 published 2008-11-19 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34818 title VMware Products Multiple Vulnerabilities (VMSA-2008-0018/VMSA-2008-0019) code # # (C) Tenable Network Security, Inc. # if ( NASL_LEVEL < 3000 ) exit(0); include("compat.inc"); if (description) { script_id(34818); script_version("1.19"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_cve_id("CVE-2008-4915", "CVE-2008-4917"); script_bugtraq_id(32168, 32597); script_xref(name:"VMSA", value:"2008-0018"); script_xref(name:"VMSA", value:"2008-0019"); script_xref(name:"Secunia", value:"32612"); script_name(english:"VMware Products Multiple Vulnerabilities (VMSA-2008-0018/VMSA-2008-0019)"); script_summary(english:"Checks versions of multiple VMware products"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has an application that is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "A VMware product installed on the remote host is affected by multiple vulnerabilities : - A CPU hardware emulation flaw in certain VMware products could allow a virtual CPU to incorrectly handle a Trap flag. Successful exploitation of this issue could lead to privilege escalation on the guest operating system. An attacker would need an account on the guest operating system and the ability to run applications to exploit this issue. (CVE-2008-4915) - By sending a malicious request from the guest operating system to the virtual hardware, it may be possible to cause the virtual hardware to write to an uncontrolled section in the physical memory. (CVE-2008-4917)" ); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2008-0018.html" ); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2008-0019.html" ); script_set_attribute(attribute:"solution", value: "Upgrade to : - VMware Workstation 6.5.0/5.5.9 or higher. - VMware Player 2.5.0/1.0.9 or higher. - VMware Server 1.0.8 or higher. - VMware ACE 2.5.0/1.0.8 or higher." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(264, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/11/19"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:ace"); script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:vmware_player"); script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:vmware_server"); script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:vmware_workstation"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("vmware_workstation_detect.nasl","vmware_server_win_detect.nasl", "vmware_player_detect.nasl","vmware_ace_detect.nasl"); script_require_ports("VMware/Server/Version", "VMware/ACE/Version", "VMware/Player/Version", "VMware/Workstation/Version", 139, 445); exit(0); } include("global_settings.inc"); include("smb_func.inc"); port = kb_smb_transport(); # Check for VMware ACE. version = get_kb_item("VMware/ACE/Version"); if (version) { v = split(version, sep:".", keep:FALSE); for (i=0; i<max_index(v); i++) v[i] = int(v[i]); if (( v[0] == 1 && v[1] == 0 && v[2] < 8 ) || ( v[0] == 2 && v[1] < 5 ) ) { if (report_verbosity) { report = string( "\n", "Version ",version," of VMware ACE is installed on the remote host.", "\n" ); security_warning(port:port, extra:report); } else security_warning(port); } } # Check for VMware Workstation version = get_kb_item("VMware/Workstation/Version"); if (version) { v = split(version, sep:".", keep:FALSE); for (i=0; i<max_index(v); i++) v[i] = int(v[i]); if (( v[0] < 5 ) || ( v[0] == 5 && v[1] < 5 ) || ( v[0] == 5 && v[1] == 5 && v[2] < 9 ) || ( v[0] == 6 && v[1] < 5 ) ) { if (report_verbosity) { report = string( "\n", "Version ",version," of VMware Workstation is installed on the remote host.", "\n" ); security_warning(port:port, extra:report); } else security_warning(port); } exit(0); } # Check for VMware Server version = get_kb_item("VMware/Server/Version"); if (version) { v = split(version, sep:".", keep:FALSE); for (i=0; i<max_index(v); i++) v[i] = int(v[i]); if ( ( v[0] < 1 ) || ( v[0] == 1 && v[1] == 0 && v[2] < 8 ) ) { if (report_verbosity) { report = string( "\n", "Version ",version," of VMware Server is installed on the remote host.", "\n" ); security_warning(port:port, extra:report); } else security_warning(port); } exit(0); } # Check for VMware Player version = get_kb_item("VMware/Player/Version"); if (version) { v = split(version, sep:".", keep:FALSE); for (i=0; i<max_index(v); i++) v[i] = int(v[i]); if ( ( v[0] < 1 ) || ( v[0] == 1 && v[1] == 0 && v[2] < 9 ) || ( v[0] == 2 && v[1] < 5 ) ) { if (report_verbosity) { report = string( "\n", "Version ",version," of VMware Player is installed on the remote host.", "\n" ); security_warning(port:port, extra:report); } else security_warning(port); } exit(0); }
NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2008-0019.NASL description a. Critical Memory corruption vulnerability A memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical memory. VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917 to this issue. b. Updated Service Console package bzip2 bzip2 versions before 1.0.5 can crash if certain flaws in compressed data lead to reading beyond the end of a buffer. This might cause an application linked to the libbz2 library to crash when decompressing malformed archives. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1372 to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 40386 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40386 title VMSA-2008-0019 : VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory 2008-0019. # The text itself is copyright (C) VMware Inc. # include("compat.inc"); if (description) { script_id(40386); script_version("1.18"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_cve_id("CVE-2008-1372", "CVE-2008-4917"); script_bugtraq_id(28286); script_xref(name:"VMSA", value:"2008-0019"); script_name(english:"VMSA-2008-0019 : VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2"); script_summary(english:"Checks esxupdate output for the patches"); script_set_attribute( attribute:"synopsis", value: "The remote VMware ESXi / ESX host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "a. Critical Memory corruption vulnerability A memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical memory. VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917 to this issue. b. Updated Service Console package bzip2 bzip2 versions before 1.0.5 can crash if certain flaws in compressed data lead to reading beyond the end of a buffer. This might cause an application linked to the libbz2 library to crash when decompressing malformed archives. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1372 to this issue." ); script_set_attribute( attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2008/000048.html" ); script_set_attribute(attribute:"solution", value:"Apply the missing patches."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:2.5.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:3.5"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_family(english:"VMware ESX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version"); script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs"); exit(0); } include("audit.inc"); include("vmware_esx_packages.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi"); if ( !get_kb_item("Host/VMware/esxcli_software_vibs") && !get_kb_item("Host/VMware/esxupdate") ) audit(AUDIT_PACKAGE_LIST_MISSING); init_esx_check(date:"2008-12-02"); flag = 0; if (esx_check(ver:"ESX 2.5.5", patch:"11")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1006980")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1006982")) flag++; if ( esx_check( ver : "ESX 3.0.3", patch : "ESX303-200811404-SG", patch_updates : make_list("ESX303-Rollup01", "ESX303-Update01") ) ) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200811401-SG", patch_updates : make_list("ESX350-200911201-UG", "ESX350-201006401-SG", "ESX350-Update04", "ESX350-Update05", "ESX350-Update05a") ) ) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200811406-SG", patch_updates : make_list("ESX350-201012409-SG", "ESX350-Update04", "ESX350-Update05", "ESX350-Update05a") ) ) flag++; if (esx_check(ver:"ESXi 3.5.0", patch:"ESXe350-200811401-O-SG")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201209-25.NASL description The remote host is affected by the vulnerability described in GLSA-201209-25 (VMware Player, Server, Workstation: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details. Impact : Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information. A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console. Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS). Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 62383 published 2012-10-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62383 title GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201209-25. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(62383); script_version("1.24"); script_cvs_date("Date: 2019/11/12"); script_cve_id("CVE-2007-5269", "CVE-2007-5503", "CVE-2007-5671", "CVE-2008-0967", "CVE-2008-1340", "CVE-2008-1361", "CVE-2008-1362", "CVE-2008-1363", "CVE-2008-1364", "CVE-2008-1392", "CVE-2008-1447", "CVE-2008-1806", "CVE-2008-1807", "CVE-2008-1808", "CVE-2008-2098", "CVE-2008-2100", "CVE-2008-2101", "CVE-2008-4915", "CVE-2008-4916", "CVE-2008-4917", "CVE-2009-0040", "CVE-2009-0909", "CVE-2009-0910", "CVE-2009-1244", "CVE-2009-2267", "CVE-2009-3707", "CVE-2009-3732", "CVE-2009-3733", "CVE-2009-4811", "CVE-2010-1137", "CVE-2010-1138", "CVE-2010-1139", "CVE-2010-1140", "CVE-2010-1141", "CVE-2010-1142", "CVE-2010-1143", "CVE-2011-3868"); script_bugtraq_id(25956, 26650, 28276, 28289, 29444, 29552, 29557, 29637, 29639, 29640, 29641, 30131, 30937, 32168, 32597, 33827, 33990, 34373, 34471, 36630, 36841, 36842, 39104, 39392, 39394, 39395, 39396, 39397, 39407, 39949, 49942); script_xref(name:"GLSA", value:"201209-25"); script_xref(name:"IAVA", value:"2008-A-0045"); script_name(english:"GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201209-25 (VMware Player, Server, Workstation: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details. Impact : Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information. A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console. Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS). Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201209-25" ); script_set_attribute( attribute:"solution", value: "Gentoo discontinued support for VMware Player. We recommend that users unmerge VMware Player: # emerge --unmerge 'app-emulation/vmware-player' NOTE: Users could upgrade to “>=app-emulation/vmware-player-3.1.5”, however these packages are not currently stable. Gentoo discontinued support for VMware Workstation. We recommend that users unmerge VMware Workstation: # emerge --unmerge 'app-emulation/vmware-workstation' NOTE: Users could upgrade to “>=app-emulation/vmware-workstation-7.1.5”, however these packages are not currently stable. Gentoo discontinued support for VMware Server. We recommend that users unmerge VMware Server: # emerge --unmerge 'app-emulation/vmware-server'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-14-757"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"Vmware Server File Disclosure"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(16, 20, 22, 94, 119, 134, 189, 200, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vmware-player"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vmware-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vmware-workstation"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/08"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/vmware-server", unaffected:make_list(), vulnerable:make_list("le 1.0.9.156507"))) flag++; if (qpkg_check(package:"app-emulation/vmware-workstation", unaffected:make_list(), vulnerable:make_list("le 6.5.5.328052"))) flag++; if (qpkg_check(package:"app-emulation/vmware-player", unaffected:make_list(), vulnerable:make_list("le 2.5.5.328052"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VMware Player / Server / Workstation"); }
Oval
accepted | 2010-05-17T04:00:12.756-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption. | ||||||||||||
family | unix | ||||||||||||
id | oval:org.mitre.oval:def:6246 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2009-09-23T15:39:02.000-04:00 | ||||||||||||
title | VMware ESX Virtual Hardware Memory Access Bug Lets Local Users Gain Elevated Privileges | ||||||||||||
version | 6 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 32597 CVE(CAN) ID: CVE-2008-4917 VMWare是一款虚拟PC软件,允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。 如果guest操作系统向虚拟的硬件发送了恶意请求的话,就可能触发内存破坏,导致虚拟硬件写入非受控的物理内存区域。成功利用这个漏洞的攻击者可以完全控制HOST系统或导致拒绝服务。 VMWare Workstation 6.0.x VMWare Workstation 5.x VMWare ACE 2.0.x VMWare ACE 1.x VMWare Player 2.0.x VMWare Player 1.x VMWare Server 1.x VMWare Fusion 1.x VMWare ESX 3.5 VMWare ESX 3.0.3 VMWare ESX 3.0.2 VMWare ESXi 3.5 VMWare ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.vmware.com target=_blank>http://www.vmware.com</a> |
id | SSV:4528 |
last seen | 2017-11-19 |
modified | 2008-12-05 |
published | 2008-12-05 |
reporter | Root |
title | VMware虚拟硬件内存破坏漏洞 |
References
- http://kb.vmware.com/kb/1006980
- http://kb.vmware.com/kb/1006980
- http://kb.vmware.com/kb/1006986
- http://kb.vmware.com/kb/1006986
- http://secunia.com/advisories/32965
- http://secunia.com/advisories/32965
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- http://securitytracker.com/id?1021300
- http://securitytracker.com/id?1021300
- http://securitytracker.com/id?1021301
- http://securitytracker.com/id?1021301
- http://www.securityfocus.com/archive/1/498863/100/0/threaded
- http://www.securityfocus.com/archive/1/498863/100/0/threaded
- http://www.securityfocus.com/archive/1/498886/100/0/threaded
- http://www.securityfocus.com/archive/1/498886/100/0/threaded
- http://www.securityfocus.com/bid/32597
- http://www.securityfocus.com/bid/32597
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246