VMSA-2008-0018 : VMware Hosted products and patches for ESX and ESXi resolve two security issues

high Nessus Plugin ID 40385

Synopsis

The remote VMware ESXi / ESX host is missing a security-related patch.

Description

a. A privilege escalation on 32-bit and 64-bit guest operating systems

VMware products emulate hardware functions and make it possible to run guest operating systems.

A flaw in the CPU hardware emulation might allow the virtual CPU to incorrectly handle the Trap flag. Exploitation of this flaw might lead to a privilege escalation on guest operating systems. An attacker needs a user account on the guest operating system and the ability to run applications.

VMware would like to thank Derek Soeder for discovering this issue and working with us on its remediation.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4915 to this issue.

b. Directory traversal vulnerability

VirtualCenter allows administrators to have fine-grained privileges. A directory traversal vulnerability might allow administrators to increase these privileges. In order to leverage this flaw, the administrator would need to have the Datastore.FileManagement privilege.

VMware would like to thank Michel Toussaint for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4281 to this issue.

Solution

Apply the missing patch.

See Also

http://lists.vmware.com/pipermail/security-announce/2008/000042.html

Plugin Details

Severity: High

ID: 40385

File Name: vmware_VMSA-2008-0018.nasl

Version: 1.21

Type: local

Published: 7/27/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:2.5.4, cpe:/o:vmware:esx:2.5.5, cpe:/o:vmware:esx:3.0.2, cpe:/o:vmware:esx:3.5, cpe:/o:vmware:esxi:3.5

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Ease: No known exploits are available

Patch Publication Date: 11/6/2008

Reference Information

CVE: CVE-2008-4281, CVE-2008-4915

BID: 32168, 32172

CWE: 22, 264

VMSA: 2008-0018