scip AG

NASLDB: VMware Products Multiple Vulnerabilities (VMSA-2008-0005)

General

ID: 31729
Name: VMware Products Multiple Vulnerabilities (VMSA-2008-0005)

Summary: Checks vulnerable versions of multiple VMware products

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: 139
Family: Windows
Type: Local

Description

VMware products installed on the remote host are affected by multiple
vulnerabilities :

– The ‘authd’ process is affected by a privilege
escalation vulnerability that could allow an attacker to
execute arbitrary code with system level privileges or
cause a denial of service condition.

– A feature in VMware workstation version 6.0.2 could
allow anonymous console access to guest host via VIX
API, which could result in unauthorized access. This
feature has been disabled in version 6.0.3.

– Windows based VMware hosts are affected by a privilege
escalation vulnerability. By manipulating ‘config.ini’
an attacker may be able to gain elevated privileges by
hijacking the VMware VMX process.

– Multiple VMware products are affected by a directory
traversal vulnerability. If a Windows based VMware host
is configured to allow shared access from a guest host
to a folder on the Host system (HGFS), it may be possible
to gain access to the Host file system from guest OS and
create/modify arbitrary executable files. VMware Server
is not affected by this vulnerability.

– Multiple VMware products hosted on a Windows 2000 host
are affected by a privilege escalation vulnerability.

– Multiple VMware products are vulnerable to a potential
denial of service attack.

Exploiting

Exploit Available: False
Exploitability Ease: No known exploits are available

Sources

CVE: CVE-2006-2937
OSVDB: –
Bugtraq: 28276
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2008/04/02

Plugin

Version: 1.16
Filename: vmware_multiple_vmsa_2008_0005.nasl
Filesize: 7179 bytes
MD5 Hash: c6e55309aebb7c2a8566732f36be9ade

Identification: VMware/Workstation/Version
Require Keys: –
Dependencies: "vmware_workstation_detect.nasl","vmware_server_win_detect.nasl", "vmware_player_detect.nasl","vmware_ace_detect.nasl"

Copyright: This script is Copyright© 2008-2012 Tenable Network Security, Inc.

Letzte Plugins

• Letzte Plugins
  • USN-1611-1 : thunderbird vulnerabilities
  • USN-1610-1 : linux vulnerability
  • USN-1609-1 : linux-ti-omap4 vulnerability
  • SuSE 10 Security Update : PostgreSQL
  • RHSA-2012-1364: bind97
  • RHSA-2012-1363: bind
  • RHSA-2012-1362: thunderbird
  • RHSA-2012-1361: xulrunner
  • Mandriva Linux Security Advisory : graphicsmagick
  • FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack

• Archiv
• scip VulDB
• Syndication
  • RSS
  • Twitter