Information Security


Multiple vulnerabilities in VMware products
updated since April 12, 2010
Published: April 19, 2010
Source:
SecurityVulns ID: 10754
Type: local
Severity level: 5/10
Description: Code execution, privilege escalation, buffer overflows, format string errors, DoS, information leaks.
Affected products: VMWARE : VMware ESX 3.0
 VMWARE : VMware ESX 2.5
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware ESX 3.5
 VMWARE : VMware Workstation 6.5
 VMWARE : VMware Player 2.5
 VMWARE : VMware ACE 2.5
 VMWARE : VMware Server 2.0
 VMWARE : VMware Fusion 2.0
 VMWARE : VMware ESXi 4.0
 VMWARE : VMware ESX 4.0
 VMWARE : VMware Workstation 7.0
 VMWARE : VMware Player 3.0
 VMWARE : VMware ACE 2.6
 VMWARE : VMware Fusion 3.0
 VMWARE : VMware VIX API for Windows 1.6
CVE: CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.)
 CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.)
 CVE-2010-1140 (The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.)
 CVE-2010-1139 (Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.)
 CVE-2010-1138 (The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.)
 CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.)
 CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.)
 CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors.")
 CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.)
Original text: Alexandr Polyakov, [DSecRG-09-053] VMware Remoute Console - format string (19.04.2010)
 ACROS Security, ACROS Security: Local Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-2) (14.04.2010)
 ACROS Security, ACROS Security: Remote Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-1) (14.04.2010)
 IDEFENSE, iDefense Security Advisory 04.09.10: VMware VMnc Codec Heap Overflow Vulnerability (13.04.2010)
 VUPEN Security Research, VUPEN Security Research - VMware Products Movie Decoder Heap Overflow Vulnerability (12.04.2010)
 SECUNIA, Secunia Research: VMWare VMnc Codec HexTile Encoding Buffer Overflow (12.04.2010)
 SECUNIA, Secunia Research: VMWare VMnc Codec HexTile Encoding Two Integer Truncation Vulnerabilities (12.04.2010)
 VMWARE, VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (12.04.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod