Vigil@nce: VMware, two vulnerabilities
November 2008 by Vigil@nce
SYNTHESIS
Two vulnerabilities in VMware products can be used by an attacker
to elevate his privileges.
Gravity: 2/4
Consequences: privileged access/rights
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 07/11/2008
Revision date: 10/11/2008
IMPACTED PRODUCTS
– VMware ACE
– VMware ESX Server
– VMware ESX Server 3i
– VMware Player
– VMware Server
– VMware VirtualCenter
– VMware Workstation
DESCRIPTION
Two vulnerabilities in VMware products can be used by an attacker
to elevate his privileges.
An attacker in a guest system can use the Trap flag of the CPU
to elevate his privileges, because this flag is not reset after
the CC ("INT 3") instruction. [grav:2/4; BID-32168,
CVE-2008-4915]
An administrator of VirtualCenter with the Datastore.FileManagement
privilege can elevate his privileges. [grav:1/4; BID-32172,
CVE-2008-4281]
CHARACTERISTICS
Identifiers: BID-32168, BID-32172, CVE-2008-4281, CVE-2008-4915,
VIGILANCE-VUL-8227, VMSA-2008-0018