 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.800007 |
| Categoría: | Buffer overflow |
| Título: | VMware VIX API Multiple Buffer Overflow Vulnerabilities (VMSA-2008-0009) - Windows |
| Resumen: | VMWare product(s) are prone to multiple buffer overflow vulnerabilities. |
| Descripción: | Summary: VMWare product(s) are prone to multiple buffer overflow vulnerabilities. Vulnerability Insight: VMware VIX API (Application Program Interface) fails to adequately bounds check user supplied input before copying it to insufficient size buffer. Vulnerability Impact: Successful exploitation allows attackers to execute arbitrary code on the affected system and local user can obtain elevated privileges on the target system. Successful exploitation requires that the vix.inGuest.enable configuration value is enabled. Affected Software/OS: VMware Player 1.x - before 1.0.7 build 91707 on Windows VMware Player 2.x - before 2.0.4 build 93057 on Windows VMware Server 1.x - before 1.0.6 build 91891 on Windows VMware Workstation 5.x - before 5.5.7 build 91707 on Windows VMware Workstation 6.x - before 6.0.4 build 93057 on Windows VMware ACE 2.x - before 2.0.4 build 93057 on Windows Solution: Upgrade VMware Product(s) to below version, VMware Player 1.0.7 build 91707 or 2.0.4 build 93057 or later VMware Server 1.0.6 build 91891 or later VMware Workstation 5.5.7 build 91707 or 6.0.4 build 93057 or later VMware ACE 2.0.4 build 93057 CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-2100 BugTraq ID: 29552 http://www.securityfocus.com/bid/29552 Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (Google Search) http://www.securityfocus.com/archive/1/493080/100/0/threaded http://security.gentoo.org/glsa/glsa-201209-25.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647 http://securitytracker.com/id?1020200 http://secunia.com/advisories/30556 http://securityreason.com/securityalert/3922 http://www.vupen.com/english/advisories/2008/1744 XForce ISS Database: vmware-vixapi-multiple-unspecified-bo(42872) https://exchange.xforce.ibmcloud.com/vulnerabilities/42872 |
| Copyright | Copyright (C) 2008 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |