VMware Workstation Multiple Vulnerabilities

Report ID: SA29413
Source: Secunia
Date of Discovery: 17.03.2008
Criticality: Low
Affects:
VMware ACE 1.x
VMware ACE 2.x
VMware Player 1.x
VMware Player 2.x
VMware Workstation 5.x
VMware Workstation 6.x

Compromise From: From remote
Compromise Type: Privilege escalation
DoS

Summary

Some vulnerabilities have been reported in VMware Server, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to cause a DoS (Denial of Service).

Detailed Description

Some vulnerabilities have been reported in VMware Server, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to cause a DoS (Denial of Service).

1) A vulnerability in "authd" can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA22130

2) Some vulnerabilities in OpenSSL can potentially be exploited by malicious people to cause a DoS.

For more information:
SA29412

The vulnerabilities are reported in versions prior to 6.0.3.

3) Some vulnerabilities in libpng can potentially be exploited by malicious people to cause a DoS.

For more information:
SA27093

4) Improperly registered services can be exploited to gain escalated privileges on Windows 2000 hosts.

This is related to vulnerability #6 in:
SA26890

5) An unspecified error in the DHCP service can be exploited to cause a DoS.

NOTE: This issue doesn't affect the latest versions of VMware Workstation 6.x, VMware Player 2.x, and ACE 2.x.

6) An error due to insecure file permissions on "config.ini" can be exploited by malicious, local users to gain escalated privileges.

For more information see vulnerability #3 in:
SA29412

7) An unspecified error in the Virtual Machine Communication Interface (VMCI) can be exploited to crash the host system.

 

Solution

VMware Workstation 6.x:
Update to version 6.0.3.
www.vmware.com/download/ws/

VMware Workstation 5.x:
Update to version 5.5.6.
www.vmware.com/download/ws/ws5.html

VMware ACE:
Update to version 2.0.3 or 1.0.5.
www.vmware.com/download/ace/

VMware Fusion 1.x:
Update to version 1.1.1.
www.vmware.com/download/fusion/

VMware Player:
Update to version 2.0.3 and 1.0.6.
www.vmware.com/download/player/

Original Reference

-

CVE Reference

CVE-2006-2937
CVE-2006-2940
CVE-2006-4343