VMware Products Multiple Vulnerabilities (VMSA-2008-0005)

high Nessus Plugin ID 31729

Synopsis

The remote Windows host has an application that is affected by multiple issues.

Description

VMware products installed on the remote host are affected by multiple vulnerabilities :

- The 'authd' process is affected by a privilege escalation vulnerability that could allow an attacker to execute arbitrary code with system level privileges or cause a denial of service condition.

- A feature in VMware workstation version 6.0.2 could allow anonymous console access to guest host via VIX API, which could result in unauthorized access. This feature has been disabled in version 6.0.3.

- Windows based VMware hosts are affected by a privilege escalation vulnerability. By manipulating 'config.ini' an attacker may be able to gain elevated privileges by hijacking the VMware VMX process.

- Multiple VMware products are affected by a directory traversal vulnerability. If a Windows based VMware host is configured to allow shared access from a guest host to a folder on the Host system (HGFS), it may be possible to gain access to the Host file system from guest OS and create/modify arbitrary executable files. VMware Server is not affected by this vulnerability.

- Multiple VMware products hosted on a Windows 2000 host are affected by a privilege escalation vulnerability.

- Multiple VMware products are vulnerable to a potential denial of service attack.

Solution

Upgrade to :

- VMware Workstation 6.0.3/5.5.6 or higher.
- VMware Server 1.0.5 or higher.
- VMware Player 2.0.3/1.0.6 or higher.
- VMware ACE 2.0.3/1.0.5 or higher.

See Also

https://www.vmware.com/security/advisories/VMSA-2008-0005.html

https://www.vmware.com/support/server/doc/releasenotes_server.html

https://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603

https://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

https://www.vmware.com/support/player/doc/releasenotes_player.html

https://www.vmware.com/support/player2/doc/releasenotes_player2.html

https://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

Plugin Details

Severity: High

ID: 31729

File Name: vmware_multiple_vmsa_2008_0005.nasl

Version: 1.24

Type: local

Agent: windows

Family: Windows

Published: 4/2/2008

Updated: 3/27/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2008-1392

Vulnerability Information

CPE: cpe:/a:vmware:ace, cpe:/a:vmware:player, cpe:/a:vmware:vmware_server, cpe:/a:vmware:vmware_workstation

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Core Impact

Reference Information

CVE: CVE-2006-2937, CVE-2006-2940, CVE-2006-4339, CVE-2006-4343, CVE-2007-5269, CVE-2007-5618, CVE-2008-0923, CVE-2008-1340, CVE-2008-1361, CVE-2008-1362, CVE-2008-1363, CVE-2008-1364, CVE-2008-1392

BID: 28276, 28289

CWE: 16, 20, 22, 264, 310, 399

VMSA: 2008-0005