 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.801143 |
| Category: | Privilege escalation |
| Title: | VMware Products Guest Privilege Escalation Vulnerability (Nov 2009) - Linux |
| Summary: | VMWare product(s) are prone to a privilege escalation vulnerability. |
| Description: | Summary: VMWare product(s) are prone to a privilege escalation vulnerability. Vulnerability Insight: An error occurs while setting the exception code when a '#PF' (page fault) exception arises and can be exploited to gain escalated privileges within the VMware guest. Vulnerability Impact: Local attacker can exploit this issue to gain escalated privileges in a guest virtual machine. Affected Software/OS: VMware Server version 2.0.x prior to 2.0.2 Build 203138, VMware Server version 1.0.x prior to 1.0.10 Build 203137, VMware Player version 2.5.x prior to 2.5.3 Build 185404, VMware Workstation version 6.5.x prior to 6.5.3 Build 185404 on Linux. Solution: Upgrade your VMWare product according to the referenced vendor advisory. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-2267 BugTraq ID: 36841 http://www.securityfocus.com/bid/36841 Bugtraq: 20091027 Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation (Google Search) http://www.securityfocus.com/archive/1/507539/100/0/threaded Bugtraq: 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues (Google Search) http://www.securityfocus.com/archive/1/507523/100/0/threaded http://security.gentoo.org/glsa/glsa-201209-25.xml http://lists.vmware.com/pipermail/security-announce/2009/000069.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473 http://securitytracker.com/id?1023082 http://securitytracker.com/id?1023083 http://secunia.com/advisories/37172 http://www.vupen.com/english/advisories/2009/3062 |
| Copyright | Copyright (C) 2009 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |