VMware Products Multiple Vulnerabilities (VMSA-2008-0009)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by
multiple issues.

Description :

A VMware product installed on the remote host is affected by multiple
vulnerabilities.

- A local privilege escalation issue in 'HGFS.sys' driver
included with the VMware Tools package, could allow an
unprivileged guest user to execute arbitrary code on the
guest system. It should be noted that installing the new
releases of the affected product will not resolve the
issue. In order to successfully apply this patch VMware
Tools package should be updated on each Windows based
guest followed by a reboot of the guest system.
(CVE-2007-5671)

- Multiple buffer overflow vulnerabilities in VMware VIX
API, which is disabled by default, could allow arbitrary
code execution on the host system from the guest
operating system. (CVE-2008-2100)

See also :

http://www.nessus.org/u?58ed8a38
http://www.vmware.com/security/advisories/VMSA-2008-0009.html

Solution :

Upgrade to :

- VMware Workstation 6.0.4/5.5.7 or higher.
- VMware Player 2.0.4/1.0.6 or higher.
- VMware Server 1.0.6 or higher.
- VMware ACE 2.0.4 or higher.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 33105 ()

Bugtraq ID: 29552
29549

CVE ID: CVE-2007-5671
CVE-2008-2100

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now