Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 vulnerabilities (USN-543-1)

Ubuntu Security Notice (C) 2007-2014 Canonical, Inc. / NASL script (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Neel Mehta and Ryan Smith discovered that the VMware Player DHCP
server did not correctly handle certain packet structures. Remote
attackers could send specially crafted packets and gain root
privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)

Rafal Wojtczvk discovered multiple memory corruption issues in VMware
Player. Attackers with administrative privileges in a guest operating
system could cause a denial of service or possibly execute arbitrary
code on the host operating system. (CVE-2007-4496, CVE-2007-4497).

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true