VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with VMWare product(s) that are vulnerable to privilege escalation vulnerability.

Impact

Successful exploitation allow attackers to execute arbitrary code on the affected system and users could bypass certain security restrictions or can gain escalated privileges. Impact Level : System

Solution

Upgrade VMware latest versions, www.vmware.com/download/ws/ www.vmware.com/download/player/ www.vmware.com/download/server/

Insight

The issue is due to an error in the CPU hardware emulation while handling the trap flag.

Affected

VMware Server 1.x - 1.0.7 on Linux VMware Player 1.x - 1.0.8 and 2.x - 2.0.5 on Linux VMware Workstation 6.0.5 and earlier on all Linux

References

http://www.frsirt.com/english/advisories/2008/3052
http://www.vmware.com/security/advisories/VMSA-2008-0018.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4915, CVE-2008-4917

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Windows)
Adobe Air Multiple Vulnerabilities - November12 (Windows)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
Adobe AIR Security Bypass Vulnerability Jan14 (Windows)

Take action and discover your vulnerabilities