Информационная безопасность
[RU] switch to English


Уязвимости безопасности в VMWare
Опубликовано:10 ноября 2008 г.
Источник:
SecurityVulns ID:9419
Тип:локальная
Уровень опасности:
6/10
Описание:Повышение привилегий в гостевой системе из-за некорректной эмуляции процессора, обратный путь в каталогах.
Затронутые продукты:VMWARE : VMware Workstation 5.5
 VMWARE : VMware Player 1.0
 VMWARE : VMware Server 1.0
 VMWARE : VMware ACE 1.0
 VMWARE : VMWare Workstation 6.0
 VMWARE : VMware Player 2.0
 VMWARE : VMware ESX 3.0
 VMWARE : VMware ESX 2.5
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware ESX 3.5
CVE:CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.)
 CVE-2008-4281 (Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors.)
Оригинальный текстdocumentds.adv.pub_(at)_gmail.com, VMware Emulation Flaw x64 Guest Privilege Escalation (2/2) (10.11.2008)
 documentVMWARE, VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues (10.11.2008)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород