Bugtraq mailing list archives
[ GLSA 200711-23 ] VMware Workstation and Player: Multiple vulnerabilities
From: Pierre-Yves Rofes <py () gentoo org>
Date: Sun, 18 Nov 2007 22:12:26 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: VMware Workstation and Player: Multiple vulnerabilities
Date: November 18, 2007
Bugs: #193196
ID: 200711-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
VMware guest operating systems might be able to execute arbitrary code
with elevated privileges on the host operating system through multiple
flaws.
Background
==========
VMware Workstation is a virtual machine for developers and system
administrators. VMware Player is a freeware virtualization software
that can run guests produced by other VMware products.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 vmware-workstation < 6.0.1.55017 *>= 5.5.5.56455
>= 6.0.1.55017
2 vmware-player < 2.0.1.55017 *>= 1.0.5.56455
>= 2.0.1.55017
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------
Description
===========
Multiple vulnerabilities have been discovered in several VMware
products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that
the DHCP server contains an integer overflow vulnerability
(CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and
another error when handling malformed packets (CVE-2007-0061), leading
to stack-based buffer overflows or stack corruption. Rafal Wojtczvk
(McAfee) discovered two unspecified errors that allow authenticated
users with administrative or login privileges on a guest operating
system to corrupt memory or cause a Denial of Service (CVE-2007-4496,
CVE-2007-4497). Another unspecified vulnerability related to untrusted
virtual machine images was discovered (CVE-2007-5617).
VMware products also shipped code copies of software with several
vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT
Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow
(GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813,
CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146).
Impact
======
Remote attackers within a guest system could possibly exploit these
vulnerabilities to execute code on the host system with elevated
privileges or to cause a Denial of Service.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All VMware Workstation users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/vmware-workstation-5.5.5.56455"
All VMware Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/vmware-player-1.0.5.56455"
References
==========
[ 1 ] CVE-2004-0813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0813
[ 2 ] CVE-2006-3619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3619
[ 3 ] CVE-2006-4146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146
[ 4 ] CVE-2006-4600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
[ 5 ] CVE-2007-0061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0061
[ 6 ] CVE-2007-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062
[ 7 ] CVE-2007-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0063
[ 8 ] CVE-2007-1716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1716
[ 9 ] CVE-2007-4496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4496
[ 10 ] CVE-2007-4497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4497
[ 11 ] CVE-2007-5617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5617
[ 12 ] GLSA-200606-02
http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml
[ 13 ] GLSA-200702-06
http://www.gentoo.org/security/en/glsa/glsa-200702-06.xml
[ 14 ] GLSA-200704-11
http://www.gentoo.org/security/en/glsa/glsa-200704-11.xml
[ 15 ] GLSA-200705-15
http://www.gentoo.org/security/en/glsa/glsa-200705-15.xml
[ 16 ] GLSA-200707-11
http://www.gentoo.org/security/en/glsa/glsa-200707-11.xml
[ 17 ] VMSA-2007-0006
http://lists.vmware.com/pipermail/security-announce/2007/000001.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-23.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHQKq6uhJ+ozIKI5gRAvyzAJ4tIVlyg3li+eRhWJNDh4UhWVfmGACdEXK5
dbHI84sLa81gvPzWkm/TSZs=
=Lh0/
-----END PGP SIGNATURE-----
Current thread:
- [ GLSA 200711-23 ] VMware Workstation and Player: Multiple vulnerabilities Pierre-Yves Rofes (Nov 19)