Skip to main content

VMwareProducts Code Execution and Denial of Service Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 7 Apr 2009 5512 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in various VMware products, which could be exploited by attackers or malicious users to cause a denial of service, gain elevated privileges, or execute arbitrary code.

1. An unspecified error in a guest virtual device driver, which could allow a guest operating system to crash the host, creating a denial of service condition.

2. Unspecified errors in an ioctl in "hcmon.sys", which could be exploited by a privileged Windows account to create a denial of service on a Windows-based host.

3. An error in the Virtual Machine Communication Interface (VMCI) driver (vmci.sys), which could allow privilege escalation on Windows-based machines (hosts and guests). VMware ESX is not affected.

4. Heap overflow errors in the VNnc Codec, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a malicious web page or opening a specially crafted video file. VMware ESX is not affected.

5. An error in the "vmware-authd" daemon when processing overly long data (e.g. username or password) sent to port 912/TCP, which could be exploited to crash an affected system and cause a denial of service.

6. A weakness is caused due to the password for VirtualCenter Server being present in the memory of the VI Client after logging in to VirtualCenter Server with VI Client.

7. An unspecified error in the ACE shared folders, which could allow a previously disabled and not removed shared folder in the guest to be enabled by a non ACE Administrator. The issues only affects VMware ACE.


Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution

System / Technologies affected

  • VMware Workstation version 6.5.1 and prior
  • VMware Player version 2.5.1 and prior
  • VMware ACE version 2.5.1 and prior
  • VMware Server version 2.0
  • VMware Server version 1.0.8 and prior
  • VMware ESXi version 3.5
  • VMware ESX version 3.5
  • VMware ESX version 3.0.3
  • VMware ESX version 3.0.2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link