VMWare produkter flere sårbarheder - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

VMWare produkter flere sårbarheder

Secunia Advisory:	SA26890
Udsendt:	2007-09-20
Sidste Opdt.:	2007-10-23

Kritisk:	Moderat kritisk
Betydning:	Rettighedseskalering DoS Systemadgang
Hvor:	Fra Lokalt Netværk
Løsning Status:	Producent Patch

OS:	VMware ESX Server 2.x VMware ESX Server 3.x

Software:	VMware ACE 1.x VMWare ACE 2.x VMware Player 1.x VMWare Player 2.x VMware Server 1.x VMware Workstation 5.x VMware Workstation 6.x

CVE reference:	CVE-2007-0061 (Secunia mirror) CVE-2007-0062 (Secunia mirror) CVE-2007-0063 (Secunia mirror) CVE-2007-4496 (Secunia mirror) CVE-2007-4497 (Secunia mirror) CVE-2007-5023 (Secunia mirror) CVE-2007-5024 (Secunia mirror) CVE-2007-5025 (Secunia mirror) CVE-2007-5617 (Secunia mirror) CVE-2007-5618 (Secunia mirror) CVE-2007-5619 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Beskrivelse: Der er rapporteret flere sårbarheder i diverse VMware produkter, som kan udnyttes af ondsindede, lokale brugere til at opnå eskalerede rettigheder eller udføre et DoS (Denial of Service) samt af ondsindede personer til at kompromittere et sårbart system. 1) En uspecificeret fejl kan udnyttse af en bruger med administrative rettigheder i en gæste-OS til at korrumpere hukommelsen i visse host-processer. Succesfuld udnyttelse kan muliggøre ekskevering af vilkårlig kode på host-systemet. 2) En uspecificeret fejl kan udnyttes i gæste-systemet til at crashe host-processen. Sårbarhederne berører VMWare ESX 3.0.1, 3.0.0, 2.5.4, 2.5.3, 2.1.3 og 2.0.2, VMWare Workstation 6.0.0 og 5.5.4, VMWare Player 2.0.0 og 1.0.4, VMWare Server 1.0.3 samt VMWare ACE 2.0.0 og 1.0.3. 3) Et heltals-underflow i DHCP-servicen kan udnyttes til at forårsage et stack-baseret buffer overflow via en specielt udformet DHCP-pakke. Succesfuld udnyttelse muliggør eksekvering af vilkårlig kode. 4) Et heltals-overflow i DHCP-servicen kan udnyttes til at forårsage et stack-baseret buffer overflow via en specielt udformet DHCP-pakke. Succesfuld udnyttelse muliggør eksekvering af vilkårlig kode. 5) En uspecificeret fejl under håndteringen af fejlbehæftede DHCP-pakker kan udnyttes til at eksekvere vilkårlig kode. 6) En fejl under opstarten af registrerede services kan udnyttes til at opnå eskalerede rettigheder. Sårbarhederne berører VMWare Workstation 6.0.0 og 5.5.4, VMWare Player 2.0.0 og 1.0.4, VMWare Server 1.0.3 samt VMWare ACE 2.0.0 og 1.0.3. Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector. Løsning: Opdatér til den seneste version, eller installér patches. -- VMware ESX 3.0.1 -- Patch Bundle ESX-8258730: http://www.vmware.com/support/vi3/doc/esx-8258730-patch.html md5sum a06d0e36e403b0fe6bc6fbc76220a86d -- VMware ESX 3.0.0 -- Patch Bundle ESX-4809553: http://www.vmware.com/support/vi3/doc/esx-4809553-patch.html md5sum cd363526aab5fa6c45bf2509cb5ae500 NOTE: The vendor recommends users to update to version 3.0.1 as 3.0.0 is nearing its End-of-life. -- VMware ESX 2.5.4 -- Apply patch 10 (Build# 53326) http://www.vmware.com/support/esx25/doc/esx-254-200708-patch.html md5sum 8f29f906e0f3c8605a203f914f36b3d1 -- VMWare ESX 2.5.3 -- Apply patch 13 (Build# 52488) http://www.vmware.com/support/esx25/doc/esx-253-200708-patch.html md5sum 32ba19deb7af268ab357710145f8659b NOTE: The vendor recommends users to update to version 2.5.4 or later as 2.5.3 is nearing its End-of-life. -- VMware ESX 2.1.3 -- Apply patch 8 (Build# 53228) http://www.vmware.com/support/esx21/doc/esx-213-200708-patch.html md5sum 32f9f87a99c5c801dd61492a9d91dfe2 NOTE: The vendor recommends users to update to version 2.5.4 or later as 2.1.3 is nearing its End-of-life. -- VMware ESX 2.0.2 -- Apply patch 8 (Build# 52650) http://www.vmware.com/support/esx2/doc/esx-202-200708-patch.html md5sum f36bb75b51f79e4ba2a2f01a71c3bb08 NOTE: The vendor recommends users to update to version 2.5.4 or later as 2.0.2 is nearing its End-of-life. -- VMware Workstation 6.0.0 -- Update to version 6.0.1 (Build# 55017) http://www.vmware.com/download/ws/ -- VMware Workstation 5.5.4 -- Update to version 5.5.5 (Build# 56455) http://www.vmware.com/download/ws/ws5.html -- VMware Player 2.0.0 -- Update to version 2.0.1 (Build# 55017) http://www.vmware.com/download/player/ -- VMware Player 1.0.4 -- Update to version 1.0.5 (Build# 56455) http://www.vmware.com/download/player/ -- VMware Server 1.0.3 -- Update to version 1.0.4 (Build# 56528) http://www.vmware.com/download/server/ -- VMware ACE 2.0.0 -- Update to version 2.0.1 (Build# 55017) http://www.vmware.com/download/ace/ -- VMware ACE 1.0.3 -- Update to version 1.0.4 (Build# 54075) http://www.vmware.com/download/ace/ Rapporteret af / Kredit: Producenten krediterer: 1-2) Rafal Wojtczvk, McAfee 3-5) Neel Mehta og Ryan Smith, IBM ISS X-Force 6) Foundstone Forløb: 25-09-2007: Tilføjede CVE-reference. 23-10-2007: Tilføjede CVE-reference. Original Advisory: VMWare: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#601 http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#555 http://www.vmware.com/support/server/doc/releasenotes_server.html#resolved http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html#new_201 http://www.vmware.com/support/player/doc/releasenotes_player.html#105 http://www.vmware.com/support/player2/doc/releasenotes_player2.html#201 http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html IBM ISS X-Force: http://www.iss.net/threats/275.html http://xforce.iss.net/xforce/xfdb/33103 http://xforce.iss.net/xforce/xfdb/33102 http://xforce.iss.net/xforce/xfdb/33101



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

18 Relaterede Secunia Advisories, displaying 10

1. VMware ESX Server flere sårbarheder

2. VMware ESX Server / VirtualCenter flere sårbarheder

3. VMware ESX Server flere sikkerhedsopdateringer

4. VMWare Workstation vstor-ws60.sys Denial of Service

5. VMware Workstation flere sårbarheder

6. VMware ESX Server flere sårbarheder

7. VMware ESX Server flere sårbarheder

8. VMWare ESX Server flere sårbarheder

9. VMware ESX Server x87 register informationslæk

10. VMware ESX Server flere sårbarheder

Vis alle relaterede advisories

Send Feedback to Secunia

Hvis du har ny information angående dette Secunia advisory eller et produkt i vores database, så send det venligst til os. Du kan sende det til os enten ved at bruge vores web formular eller ved at sende det til vuln@secunia.com. Ideer, foreslag og andet feedback er også meget velkommen.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Novell eDirectory Multiple Vulnerabilities

2.	phpJobScheduler "installed_conf ig_file" File Inclusion Vulnerabilities

3.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

4.	phpMyRealty "price_max" SQL Injection Vulnerability

5.	Adium MSN SLP Message Integer Overflow Vulnerabilities

6.	dotProject SQL Injection and Cross-Site Scripting

7.	IBM WebSphere Application Server for z/OS HTTP Server mod_proxy_ftp Vulnerability

8.	Blogn Cross-Site Scripting and Cross-Site Request Forgery

9.	Caudium "configvar" Insecure Temporary Files

10.	Red Hat update for libtiff