Credit:
The information has been provided by VMware Security team.
Vulnerable Systems:
* VMware Workstation versions prior to 5.5.4
* VMware Player versions prior to 1.0.4
* VMware Server versions prior to 1.0.3
* VMware ACE versions prior to 1.0.3
Denial-of-Service on Windows-based guest operating systems
Some VMware products managed memory in a way that failed to gracefully handle some general protection faults (GPFs) in Windows guest operating systems.
A malicious user could use this vulnerability to crash Windows virtual machines. While this vulnerability could allow an attacker to crash a virtual machine, we do not believe it was possible to escalate privileges or escape virtual containment.
VMware thanks Rubén Santamarta of Reversemode for identifying and reporting this issue.
CVE Information:
CVE-2007-1069
Fixes:
* VMware Workstation version 5.5.4 (Build# 44386)
* VMware Player version 1.0.4 (Build# 44386)
* VMware Server version 1.0.3 (Build# 44356)
* VMware ACE version 1.0.3 (Build# 44385)
Denial-of-Service using ACPI I/O ports
Virtual machines can be put in various states of suspension, as specified by the ACPI power management standard. When returning from a sleep state (S2) to the run state (S0), the virtual machine process (VMX) collects information about the last recorded running state for the virtual machine. Under some circumstances, VMX read state information from an incorrect memory location. This issue could be used to complete a successful Denial-of-Service attack where the virtual machine would need to be rebooted.
Thanks to Tavis Ormandy of Google for identifying this issue: http://taviso.decsystem.org/virtsec.pdf
CVE Information:
CVE-2007-1337
Fixes:
* VMware Workstation version 5.5.4 (Build# 44386)
* VMware Player version 1.0.4 (Build# 44386)
* VMware Server version 1.0.3 (Build# 44356)
* VMware ACE version 1.0.3 (Build# 44385)
Denial-of-Service using malformed configuration data
Some VMware products support storing configuration information in VMDB files. Under some circumstances, a malicious user could instruct the virtual machine process (VMX) to store malformed data, causing an error. This error could enable a successful Denial-of-Service attack on guest operating systems.
VMware would like to thank Per-Fredrik Pollnow and Mikael Janers, technical security consultants at SunGard iXsecurity.
CVE Information:
CVE-2007-1877
Fixes:
* VMware Workstation version 5.5.4 (Build# 44386)
* VMware Player version 1.0.4 (Build# 44386)
* VMware Server version 1.0.3 (Build# 44356)
* VMware ACE version 1.0.3 (Build# 44385)
Debugging local programs could create system instability
In a 64-bit Windows guest on a 64-bit host, debugging local programs could create system instability. Using a debugger to step into a syscall instruction may corrupt the virtual machine's register context. This corruption produces unpredictable results including corrupted stack pointers, kernel bugchecks, or vmware-vmx process failures.
Thanks to Ken Johnson for identifying this issue.
CVE Information:
CVE-2007-1876
Fixes:
* VMware Workstation version 5.5.4 (Build# 44386)
* VMware Player version 1.0.4 (Build# 44386)
* VMware Server version 1.0.3 (Build# 44356)
* VMware ACE version 1.0.3 (Build# 44385)
Directory traversal vulnerability in shared folders feature
Shared Folders is a feature that enables users of guest operating systems to access a specified set of folders in the host's file system. A vulnerability was identified by Greg MacManus of iDefense Labs that could allow an attacker to write arbitrary content from a guest system to arbitrary locations on the host system. In order to exploit this vulnerability, the VMware system must have at least one folder shared. Although the Shared Folder feature is enabled by default, no folders are shared by default, which means this vulnerability is not exploitable by default.
CVE Information:
CVE-2007-1744
Fixes:
* VMware Workstation version 5.5.4 (Build# 44386)
* VMware Player version 1.0.4 (Build# 44386)
* VMware Server version 1.0.3 (Build# 44356)
* VMware ACE version 1.0.3 (Build# 44385)
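An exposure check for the shared folders issue above, added here as an example and not taken from VMware's advisory: it compares a product version with the fixed releases listed on this page and reads a .vmx configuration for folders that are actually shared, which is the stated precondition. The sharedFolder<N>.present, .enabled and .hostPath key names are assumed from the usual .vmx convention, and the sample configuration is constructed.

```python
import re

# Fixed releases as listed in this advisory.
FIXED = {"workstation": (5, 5, 4), "player": (1, 0, 4),
         "server": (1, 0, 3), "ace": (1, 0, 3)}

# Assumed .vmx convention: sharedFolder<N>.<field> = "value"
_ENTRY = re.compile(r'^\s*sharedFolder(\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.I)

def is_patched(product, version):
    """True when version is at or above the fixed release for product."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (3 - len(parts))  # pad "6.0" to (6, 0, 0)
    return parts >= FIXED[product.lower()]

def shared_folders(vmx_text):
    """Return host paths of folders marked both present and enabled."""
    folders = {}
    for line in vmx_text.splitlines():
        m = _ENTRY.match(line)
        if m:
            idx, field, value = m.groups()
            folders.setdefault(int(idx), {})[field.lower()] = value
    return [
        f.get("hostpath", "")
        for _, f in sorted(folders.items())
        if f.get("present", "").upper() == "TRUE"
        and f.get("enabled", "").upper() == "TRUE"
    ]

def traversal_exposure(product, version, vmx_text):
    """Classify one VM for CVE-2007-1744 using the advisory's precondition."""
    if is_patched(product, version):
        return "patched"
    # Unpatched hosts are only exploitable when at least one folder is shared.
    return "exposed" if shared_folders(vmx_text) else "unpatched-no-shares"

# Constructed sample .vmx fragment (not from a real host).
SAMPLE_VMX = r"""
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "C:\exchange"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "FALSE"
sharedFolder1.hostPath = "D:\archive"
"""
```

A result of "unpatched-no-shares" still calls for the upgrade, since the other four issues on this page do not depend on shared folders.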
Solution:
Hosted products can be downloaded from the following locations:
* VMware Workstation 5.5.4 http://www.vmware.com/download/ws/
* VMware Server 1.0.3 http://www.vmware.com/download/server/
* VMware Player 1.0.4 http://www.vmware.com/download/player/
* VMware ACE 1.0.3 http://www.vmware.com/download/ace/
Note: ACE 2, a major release of ACE, will be available very shortly. It is targeted for an early May 07 release. A release candidate build is posted publicly on the VMware beta products site. In addition to new functionality, ACE 2 addresses all issues outlined in the posted ACE 1.0.3 release notes. Anyone considering a patch or upgrade may wish to plan for a move directly to the ACE 2 GA release.