Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ GLSA 200711-23 ] VMware Workstation and Player: Multiple vulnerabilities
From: Pierre-Yves Rofes <py () gentoo org>
Date: Sun, 18 Nov 2007 22:12:26 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200711-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: VMware Workstation and Player: Multiple vulnerabilities
      Date: November 18, 2007
      Bugs: #193196
        ID: 200711-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

VMware guest operating systems might be able to execute arbitrary code
with elevated privileges on the host operating system through multiple
flaws.

Background
==========

VMware Workstation is a virtual machine for developers and system
administrators. VMware Player is a freeware virtualization software
that can run guests produced by other VMware products.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /    Vulnerable    /               Unaffected
    -------------------------------------------------------------------
  1  vmware-workstation      < 6.0.1.55017             *>= 5.5.5.56455
                                                        >= 6.0.1.55017
  2  vmware-player           < 2.0.1.55017             *>= 1.0.5.56455
                                                        >= 2.0.1.55017
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been discovered in several VMware
products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that
the DHCP server contains an integer overflow vulnerability
(CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and
another error when handling malformed packets (CVE-2007-0061), leading
to stack-based buffer overflows or stack corruption. Rafal Wojtczvk
(McAfee) discovered two unspecified errors that allow authenticated
users with administrative or login privileges on a guest operating
system to corrupt memory or cause a Denial of Service (CVE-2007-4496,
CVE-2007-4497). Another unspecified vulnerability related to untrusted
virtual machine images was discovered (CVE-2007-5617).

VMware products also shipped code copies of software with several
vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT
Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow
(GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813,
CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146).

Impact
======

Remote attackers within a guest system could possibly exploit these
vulnerabilities to execute code on the host system with elevated
privileges or to cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VMware Workstation users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose
">=app-emulation/vmware-workstation-5.5.5.56455"

All VMware Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose
">=app-emulation/vmware-player-1.0.5.56455"

References
==========

  [ 1 ] CVE-2004-0813
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0813
  [ 2 ] CVE-2006-3619
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3619
  [ 3 ] CVE-2006-4146
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146
  [ 4 ] CVE-2006-4600
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
  [ 5 ] CVE-2007-0061
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0061
  [ 6 ] CVE-2007-0062
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062
  [ 7 ] CVE-2007-0063
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0063
  [ 8 ] CVE-2007-1716
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1716
  [ 9 ] CVE-2007-4496
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4496
  [ 10 ] CVE-2007-4497
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4497
  [ 11 ] CVE-2007-5617
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5617
  [ 12 ] GLSA-200606-02
         http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml
  [ 13 ] GLSA-200702-06
         http://www.gentoo.org/security/en/glsa/glsa-200702-06.xml
  [ 14 ] GLSA-200704-11
         http://www.gentoo.org/security/en/glsa/glsa-200704-11.xml
  [ 15 ] GLSA-200705-15
         http://www.gentoo.org/security/en/glsa/glsa-200705-15.xml
  [ 16 ] GLSA-200707-11
         http://www.gentoo.org/security/en/glsa/glsa-200707-11.xml
  [ 17 ] VMSA-2007-0006

http://lists.vmware.com/pipermail/security-announce/2007/000001.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-23.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHQKq6uhJ+ozIKI5gRAvyzAJ4tIVlyg3li+eRhWJNDh4UhWVfmGACdEXK5
dbHI84sLa81gvPzWkm/TSZs=
=Lh0/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ GLSA 200711-23 ] VMware Workstation and Player: Multiple vulnerabilities Pierre-Yves Rofes (Nov 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]