Vigil@nce: VMware, several vulnerabilities
April 2009 by Vigil@nce
Several vulnerabilities impact VMware ACE, Player, Server and
Workstation.
– Severity: 2/4
– Consequences: administrator access/rights, data reading, data
creation/modification, denial of service of the computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 8
– Creation date: 02/04/2009
– Revision date: 06/04/2009
IMPACTED PRODUCTS
– VMware ACE
– VMware ESX Server
– VMware ESX Server 3i
– VMware Player
– VMware Server
– VMware vCenter
– VMware VirtualCenter
– VMware Workstation
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities impact VMware products.
On a Windows host, an attacker can use an IOCTL of hcmon.sys in
order to elevate his privileges. [grav:2/4; CVE-2009-1146,
Positive Technologies SA 2008-07, PT-2008-07]
On a Windows host, an attacker can use an IOCTL of hcmon.sys in
order to create a denial of service (VIGILANCE-VUL-8042
(https://vigilance.fr/tree/1/8042)). [grav:1/4; BID-30737,
CVE-2008-3761]
On a Windows host, an attacker can send a long authentication query
to the vmware-authd service in order to stop it
(VIGILANCE-VUL-8368 (https://vigilance.fr/tree/1/8368)).
[grav:2/4; BID-33095, CVE-2009-0177]
On a Windows host or guest, an attacker can use vmci.sys (Virtual
Machine Communication Interface) to elevate his privileges.
[grav:2/4; CVE-2009-1147, Positive Technologies SA 2008-05,
PT-2008-05]
Two overflows of the VMnc codec can be used by an attacker to
execute code on the host. [grav:2/4; CVE-2009-0909, CVE-2009-0910,
TPTI-09-01, TPTI-09-02]
An attacker can re-enable an ACE Shared Folder of HGFS (Host Guest
File System). [grav:1/4; CVE-2009-0908]
An attacker in a guest system can use a device driver to stop the
host. [grav:1/4; CVE-2008-4916]
The VI Client keeps the VirtualCenter Server password in its
memory. [grav:1/4; CVE-2009-0518]
CHARACTERISTICS
– Identifiers: BID-30737, BID-33095, BID-34373, CVE-2008-3761,
CVE-2008-4916, CVE-2009-0177, CVE-2009-0518, CVE-2009-0908,
CVE-2009-0909, CVE-2009-0910, CVE-2009-1146, CVE-2009-1147,
Positive Technologies SA 2008-05, Positive Technologies SA
2008-07, PT-2008-05, PT-2008-07, TPTI-09-01, TPTI-09-02,
VIGILANCE-VUL-8592, VMSA-2009-0005
– URL: http://vigilance.fr/vulnerability/VMware-several-vulnerabilities-8592