Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2101

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2008-2101
Last Modified 14 May 2013 10:41:08
Published 03 Sep 2008 10:12:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2101

Summary

The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process.

Vulnerable Systems

Application

  • Vmware Esx 3.0.1

  • Vmware Esx 3.0.2

  • Vmware Esx 3.0.3

  • Vmware Esx 3.5


References

XF - vmware-esx-vcb-info-disclosure(44797)

VUPEN - ADV-2008-2466

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0014.html

BID - 30937

BUGTRAQ - 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

SECTRACK - 1020794

SREASON - 4202

SECUNIA - 31713

GENTOO - GLSA-201209-25

Related Patches

VMware VMSA-2008-0014.3 VMware Workstation 6.5.1 for Windows (Update) (All Languages) (See Notes) (Rev 2)

VMware VMSA-2008-0014.3 VMware Server 2.0 for Windows (Update) (All Languages) (See Notes) (Rev 3)

VMware VMSA-2008-0014.3 VMware Player 2.5.1 for Windows (Update) (All Languages) (Rev 2)


Last Updated: 27 May 2016 10:49:54