Информационная безопасность
[RU] switch to English


Повышение привилегий в VMWare
Опубликовано:10 мая 2012 г.
Источник:
SecurityVulns ID:12368
Тип:локальная
Уровень опасности:
5/10
Описание:Обращение к неинициализированной памяти при обработке запроса гостевой системы.
Затронутые продукты:VMWARE : VMware Workstation 7.1
 VMWARE : VMware Player 3.1
 VMWARE : ESXi 4.1
CVE:CVE-2012-2450 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.)
 CVE-2012-2449 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.)
 CVE-2012-2448 (VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic.)
 CVE-2012-1517 (The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers.)
 CVE-2012-1516 (The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.)
Оригинальный текстdocumentVMWARE, VMSA-2012-0009 VMware Workstation, Player, ESXi and ESX patches address critical security issues (10.05.2012)
 documentds.adv.pub_(at)_gmail.com, VMware Backdoor Response Uninitialized Memory Potential VM Break (10.05.2012)
 documentds.adv.pub_(at)_gmail.com, VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break (10.05.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород