VMware Products Multiple Vulnerabilities (VMSA-2009-0005/VMSA-2009-0007)

high Nessus Plugin ID 36117
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host has an application that is affected by multiple issues.

Description

VMware products installed on the remote host are reportedly affected by multiple vulnerabilities :

 - A vulnerability in the guest virtual device driver could allow an attacker to use the guest operating system to crash the host operating system. (CVE-2008-3761)

 - A denial of service vulnerability affects an unspecified IOCTL contained in the 'hcmon.sys' driver. An attacker can exploit this in order to deny service on a Windows- based host. (CVE-2009-1146, CVE-2008-3761)

 - A privilege escalation vulnerability affects the 'vmci.sys' driver on Windows-based machines. An attacker can exploit this in order to gain escalated privileges on either the host or the guest. (CVE-2009-1147)

 - The 'VNnc' codec is affected by two heap-based buffer overflow vulnerabilities. An attacker can exploit these to execute arbitrary code on VMware hosted products by tricking a user into opening a malicious file.
 (CVE-2009-0909, CVE-2009-0910)

 - A vulnerability in ACE shared folder may allow attackers to enable previously disabled shared ACE folders. This only affects VMware ACE. (CVE-2009-0908)

 - A remote denial of service vulnerability affects Windows hosts. An attacker can exploit this to crash the affected host. (CVE-2009-0177)

 - A vulnerability in the virtual machine display function may allow a guest operating system to run code on the host. (CVE-2009-1244)

 - A vulnerability in VMware Descheduled Time Accounting Service could be exploited to trigger a denial of service condition in Windows-based virtual machines. It should be noted that, this feature is optional, and the vulnerability can be exploited only if the feature is installed, and the affected service is not running in the virtual machine. (CVE-2009-1805)

Solution

Upgrade to :

 - VMware Workstation 6.5.2 or higher.
 - VMware Server 2.0.1/1.0.9 or higher.
 - VMware Player 2.5.2 or higher.
 - VMware ACE 2.5.2 or higher.

See Also

https://www.vmware.com/security/advisories/VMSA-2009-0005.html

https://www.vmware.com/security/advisories/VMSA-2009-0006.html

https://www.vmware.com/security/advisories/VMSA-2009-0007.html

https://www.vmware.com/support/ws65/doc/releasenotes_ws652.html

https://www.vmware.com/support/player25/doc/releasenotes_player252.html

https://www.vmware.com/support/ace25/doc/releasenotes_ace252.html

https://www.vmware.com/support/server2/doc/releasenotes_vmserver201.html

Plugin Details

Severity: High

ID: 36117

File Name: vmware_multiple_vmsa_2009_0005.nasl

Version: 1.27

Type: local

Agent: windows

Family: Windows

Published: 4/9/2009

Updated: 11/15/2018

Dependencies: vmware_workstation_detect.nasl, vmware_server_win_detect.nasl, vmware_player_detect.nasl, vmware_ace_detect.nasl

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:ace, cpe:/a:vmware:vmware_player, cpe:/a:vmware:vmware_server, cpe:/a:vmware:vmware_workstation

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (CANVAS)

ExploitHub (EH-14-757)

Reference Information

CVE: CVE-2008-3761, CVE-2008-4916, CVE-2009-0177, CVE-2009-0518, CVE-2009-0908, CVE-2009-0909, CVE-2009-0910, CVE-2009-1146, CVE-2009-1147, CVE-2009-1244, CVE-2009-1805

BID: 34373, 34471, 35141

VMSA: 2009-0005, 2009-0006, 2009-0007

EDB-ID: 6262, 7647

Secunia: 33372

CWE: 20, 119, 200, 399