Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5671

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2007-5671
Last Modified 14 May 2013 10:33:10
Published 05 Jun 2008 04:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5671

Summary

HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.

Vulnerable Systems

Application

  • Vmware Ace 1.0.0

  • Vmware Ace 1.0.1

  • Vmware Ace 1.0.2

  • Vmware Ace 1.0.3

  • Vmware Ace 1.0.4

  • Vmware Esx Server 2.5.4

  • Vmware Esx Server 2.5.5

  • Vmware Esx Server 3.0.0

  • Vmware Esx Server 3.0.1

  • Vmware Esx Server 3.0.2

  • Vmware Player 1.0.0

  • Vmware Player 1.0.1

  • Vmware Player 1.0.2

  • Vmware Player 1.0.3

  • Vmware Player 1.0.4

  • Vmware Player 1.0.5

  • Vmware Server 1.0.0

  • Vmware Server 1.0.1

  • Vmware Server 1.0.2

  • Vmware Server 1.0.3

  • Vmware Server 1.0.4

  • Vmware Workstation 5.5.0

  • Vmware Workstation 5.5.1

  • Vmware Workstation 5.5.2

  • Vmware Workstation 5.5.3

  • Vmware Workstation 5.5.4

  • Vmware Workstation 5.5.5


References

VUPEN - ADV-2008-1744

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0009.html

BUGTRAQ - 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

SECTRACK - 1020197

SREASON - 3922

SECUNIA - 30556

IDEFENSE - 20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability

BUGTRAQ - 20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability

BUGTRAQ - 20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability

GENTOO - GLSA-201209-25

Related Patches

VMware VMSA 2008-0009.2 VMware Fusion 2.0.1 Update for Mac (Rev 2)


Last Updated: 27 May 2016 10:56:42