There has been found two vulnerabilities in VMware software that enable privilege escalation. The first vulnerability is related to VMware's way to emulate CPU hardware in virtual machine (CVE-2008-4915). The second issue is related to VirtualCenter software's way to handle directories (CVE-2008-4281).
Summary of affected versions:
- VMware Workstation 6.0.5 and earlier versions
- VMware Workstation 5.5.8 and earlier versions
- VMware Player 2.0.5 and earlier versions
- VMware Player 1.0.8 and earlier versions
- VMware ACE 2.0.5 and earlier versions
- VMware ACE 1.0.7 and earlier versions
- VMware Server 1.0.7 and earlier versions
- VMware ESXi 3.5 lacking update ESXe350-200810401-O-UG
- VMware ESX 3.5 lacking update ESX350-200810201-UG
- VMware ESX 3.0.3 lacking update ESX303-200810501-BG
- VMware ESX 3.0.2 lacking update ESX-1006680
- VMware ESX 2.5.5 before 'upgrade patch 10' -update
- VMware ESX 2.5.4 lacking 'upgrade patch 21' -update
To solve the issues users of affected versions are instructed to update their products according to the VMware's instructions.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment