Test ID:	1.3.6.1.4.1.25623.1.0.800072
Category:	Privilege escalation
Title:	VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability (VMSA-2008-0018) - Linux
Summary:	VMWare product(s) are prone to a privilege escalation vulnerability.
Description:	Summary: VMWare product(s) are prone to a privilege escalation vulnerability. Vulnerability Insight: The issue is due to an error in the CPU hardware emulation while handling the trap flag. Vulnerability Impact: Successful exploitation allows attackers to execute arbitrary code on the affected system and users could bypass certain security restrictions or can gain escalated privileges. Affected Software/OS: VMware Server 1.x - 1.0.7 on Linux VMware Player 1.x - 1.0.8 and 2.x - 2.0.5 on Linux VMware Workstation 6.0.5 and earlier on all Linux Solution: Upgrade VMware to the latest version. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4915 BugTraq ID: 32168 http://www.securityfocus.com/bid/32168 Bugtraq: 20081107 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues (Google Search) http://www.securityfocus.com/archive/1/498138/100/0/threaded http://security.gentoo.org/glsa/glsa-201209-25.xml http://lists.vmware.com/pipermail/security-announce/2008/000042.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309 http://www.securitytracker.com/id?1021154 http://secunia.com/advisories/32612 http://secunia.com/advisories/32624 http://www.vupen.com/english/advisories/2008/3052 XForce ISS Database: vmware-cpuhardware-priv-escalation(46415) https://exchange.xforce.ibmcloud.com/vulnerabilities/46415 Common Vulnerability Exposure (CVE) ID: CVE-2008-4917 BugTraq ID: 32597 http://www.securityfocus.com/bid/32597 Bugtraq: 20081203 Re: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 (Google Search) http://www.securityfocus.com/archive/1/498886/100/0/threaded Bugtraq: 20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2 (Google Search) http://www.securityfocus.com/archive/1/498863/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246 http://securitytracker.com/id?1021300 http://securitytracker.com/id?1021301 http://secunia.com/advisories/32965
Copyright	Copyright (C) 2008 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.