Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:5025
HistoryApr 10, 2009 - 12:00 a.m.

VMWare VMSA-2009-0005更新修复多个安全漏洞

2009-04-1000:00:00
Root
www.seebug.org
148

0.078 Low

EPSS

Percentile

94.2%

JSON

BUGTRAQ ID: 34373
CVE(CAN) ID: CVE-2008-4916,CVE-2008-3761,CVE-2009-1146,CVE-2009-1147,CVE-2009-0910,CVE-2009-0909,CVE-2009-0908,CVE-2009-0177,CVE-2009-0518

VMWare是一款虚拟PC软件,允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。

VMWare的VMSA-2009-0005更新修复了多个安全漏洞,本地或远程攻击者可以利用这些漏洞绕过某些安全限制、获得权限提升或导致拒绝服务。

  1. 如果远程攻击者在TCP 912端口上向vmware-authd守护程序发送了超长的USER字符串的话,就会终止vmware-authd进程,本地非特权用户无法访问虚拟机。

  2. vmci.sys驱动的IOCTL处理器没有正确地验证Irp对象相关的缓冲区数据,拥有管理权限的本地用户可以在host或guest系统上获得SYSTEM权限。

  3. VMnc codec(vmnc.dll)在处理3以上类型的RFB消息时的错误可能允许特制的视频文件触发内存破坏。

  4. VMnc codec(vmnc.dll)没有正确地处理ICM_DECOMPRESS驱动消息,特制RIFF块中所定义的超长dwSize元素可以触发堆溢出。

  5. ACE共享文件夹功能中的错误可能导致无需管理权限便在guest上启用共享文件夹。

VMWare Workstation 6.5.x
VMWare Workstation 6.0.x
VMWare Workstation 5.5.x
VMWare ACE 2.5.x
VMWare ACE 2.0.x
VMWare Player 2.5.x
VMWare Player 2.0.x
VMWare Server 2.x
VMWare Server 1.x
VMWare

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://lists.vmware.com/pipermail/security-announce/2009/000054.html” target=“_blank”>http://lists.vmware.com/pipermail/security-announce/2009/000054.html</a>

Related

securityvulns 5
nessus 4
seebug 1
vmware 2
openvas 8
prion 10
cve 10
nvd 10
cvelist 10
ptsecurity 2
ubuntucve 1
gentoo 1
securityvulns
securityvulns
VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
2009-04-08 00:00:00
VMWare multiple security vulnerabilities
2009-04-12 00:00:00
TPTI-09-02: VMWare VMnc Codec Open-DML Standard Index dwSize Heap Overflow
2009-04-08 00:00:00
nessus
nessus
VMSA-2009-0005 : VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
2009-07-27 00:00:00
VMware Products Multiple Vulnerabilities (VMSA-2009-0005/VMSA-2009-0007)
2009-04-09 00:00:00
VMSA-2009-0006 : VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
2009-07-27 00:00:00
seebug
seebug
VMware宿主产品VMSA-2009-0005多个远程漏洞
2009-04-07 00:00:00
vmware
vmware
VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
2009-04-03 00:00:00
VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
2009-04-10 00:00:00
openvas
openvas
VMware Products Multiple Vulnerabilities (VMSA-2009-0005, VMSA-2009-0006) - Linux
2009-05-18 00:00:00
VMware Products Multiple Vulnerabilities (VMSA-2009-0005, VMSA-2009-0006) - Windows
2009-05-18 00:00:00
VMware Products Multiple Vulnerabilities (Windows) Apr09
2009-05-18 00:00:00
prion
prion
Code injection
2009-04-06 15:30:00
Server side request forgery (ssrf)
2008-08-21 17:41:00
Heap overflow
2009-04-06 15:30:00
cve
cve
CVE-2009-1146
2009-04-06 15:30:04
CVE-2008-4916
2009-04-06 15:30:01
CVE-2008-3761
2008-08-21 17:41:00
nvd
nvd
CVE-2009-1146
2009-04-06 15:30:04
CVE-2008-3761
2008-08-21 17:41:00
CVE-2009-0910
2009-04-06 15:30:04
cvelist
cvelist
CVE-2009-1146
2009-04-06 15:00:00
CVE-2008-3761
2008-08-21 17:00:00
CVE-2008-4916
2009-04-06 15:00:00
ptsecurity
ptsecurity
PT-2008-05: VMware Multiple Products vmci.sys Privilege Escalation Vulnerability
2009-04-06 00:00:00
PT-2008-07: VMware Multiple Products hcmon.sys Denial of Service Vulnerability
2009-04-06 00:00:00
ubuntucve
ubuntucve
CVE-2009-1244
2009-04-13 00:00:00
gentoo
gentoo
VMware Player, Server, Workstation: Multiple vulnerabilities
2012-09-29 00:00:00

0.078 Low

EPSS

Percentile

94.2%

JSON
Related for SSV:5025
securityvulns5nessus4seebug1vmware2openvas8prion10cve10nvd10cvelist10ptsecurity2ubuntucve1gentoo1