Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4279

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-4279
Last Modified 07 Mar 2011 12:00:00
Published 06 Oct 2008 03:54:36
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-4279

Summary

The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.

Vulnerable Systems

Application

  • Vmware Esx 3.0.1

  • Vmware Esx 3.0.2

  • Vmware Esx 3.0.3

  • Vmware Esx 3.5

  • Vmware Player 1.0

  • Vmware Player 1.0.1

  • Vmware Player 1.0.2

  • Vmware Player 1.0.3

  • Vmware Player 1.0.5

  • Vmware Player 1.0.6

  • Vmware Player 1.0.7

  • Vmware Player 2.0

  • Vmware Player 2.0.1

  • Vmware Player 2.0.2

  • Vmware Player 2.0.3

  • Vmware Player 2.0.4

  • Vmware Server 1.0

  • Vmware Server 1.0.1

  • Vmware Server 1.0.2

  • Vmware Server 1.0.3

  • Vmware Server 1.0.4

  • Vmware Server 1.0.5

  • Vmware Server 1.0.6

  • Vmware Workstation 5

  • Vmware Workstation 5.5

  • Vmware Workstation 5.5.2

  • Vmware Workstation 5.5.3

  • Vmware Workstation 5.5.4

  • Vmware Workstation 5.5.5

  • Vmware Workstation 5.5.6

  • Vmware Workstation 5.5.7

  • Vmware Workstation 6.0

  • Vmware Workstation 6.0.1

  • Vmware Workstation 6.0.2

  • Vmware Workstation 6.0.3

  • Vmware Workstation 6.0.4


References

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0016.html

XF - vmware-esxesxi-jump-privilege-escalation(45668)

VUPEN - ADV-2008-2740

SECTRACK - 1020991

BID - 31569

BUGTRAQ - 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

SECUNIA - 32180

SECUNIA - 32179

SECUNIA - 32157

BUGTRAQ - 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and

FULLDISC - 20081004 VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)


Last Updated: 27 May 2016 10:48:26