Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: VMware, two vulnerabilities

November 2008 by Vigil@nce

SYNTHESIS

Two vulnerabilities of VMware can be used by an attacker to
elevate his privileges.

Gravity: 2/4

Consequences: privileged access/rights

Provenance: user shell

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 2

Creation date: 07/11/2008

Revision date: 10/11/2008

IMPACTED PRODUCTS

 VMware ACE
 VMware ESX Server
 VMware ESX Server 3i
 VMware Player
 VMware Server
 VMware VirtualCenter
 VMware Workstation

DESCRIPTION

Two vulnerabilities of VMware can be used by an attacker to
elevate his privileges.

An attacker, in a guest system, can use the Trap flag of the CPU
in order to elevate his privileges. Indeed, this flag is not reset
after the CC ("INT 3") instruction. [grav:2/4; BID-32168,
CVE-2008-4915]

An administrator of VirtualCenter with the Datastore.FileManagement
privilege can elevate his privileges. [grav:1/4; BID-32172,
CVE-2008-4281]

CHARACTERISTICS

Identifiers: BID-32168, BID-32172, CVE-2008-4281, CVE-2008-4915,
VIGILANCE-VUL-8227, VMSA-2008-0018

http://vigilance.fr/vulnerability/8227


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts