Vigil@nce: VMware, memory corruption
December 2008 by Vigil@nce
An attacker located in a guest system can create a denial of
service or execute code on the host system.
– Gravity: 2/4
– Consequences: administrator access/rights
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 03/12/2008
IMPACTED PRODUCTS
– VMware ACE
– VMware ESX Server
– VMware ESX Server 3i
– VMware Player
– VMware Server
DESCRIPTION
A guest system runs on a virtual hardware independent of the
physical hardware.
A local attacker can force the virtual hardware to write to an
address of the physical memory. Technical details are unknown.
An attacker located in a guest system can therefore create a
denial of service or execute code on the host system.
CHARACTERISTICS
– Identifiers: BID-32597, CVE-2008-4917, VIGILANCE-VUL-8284,
VMSA-2008-0019
– Url: http://vigilance.fr/vulnerability/8284