cvelistv5 - CVE-2008-2100

CVE-2008-2100 (GCVE-0-2008-2100)

Vulnerability from cvelistv5 – Published: 2008-06-05 20:21 – Updated: 2024-08-07 08:49

Summary

Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://security.gentoo.org/glsa/glsa-201209-25.xml	vendor-advisoryx_refsource_GENTOO
	http://www.vupen.com/english/advisories/2008/1744	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1020200	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://secunia.com/advisories/30556	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/29552	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/493080/100…	mailing-listx_refsource_BUGTRAQ
	http://securityreason.com/securityalert/3922	third-party-advisoryx_refsource_SREASON

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:49:57.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201209-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "ADV-2008-1744",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1744"
          },
          {
            "name": "1020200",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020200"
          },
          {
            "name": "vmware-vixapi-multiple-unspecified-bo(42872)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
          },
          {
            "name": "oval:org.mitre.oval:def:5647",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
          },
          {
            "name": "30556",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30556"
          },
          {
            "name": "oval:org.mitre.oval:def:5081",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
          },
          {
            "name": "29552",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29552"
          },
          {
            "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
          },
          {
            "name": "3922",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3922"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201209-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
        },
        {
          "name": "ADV-2008-1744",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1744"
        },
        {
          "name": "1020200",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020200"
        },
        {
          "name": "vmware-vixapi-multiple-unspecified-bo(42872)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
        },
        {
          "name": "oval:org.mitre.oval:def:5647",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
        },
        {
          "name": "30556",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30556"
        },
        {
          "name": "oval:org.mitre.oval:def:5081",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
        },
        {
          "name": "29552",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29552"
        },
        {
          "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
        },
        {
          "name": "3922",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3922"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2100",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            },
            {
              "name": "ADV-2008-1744",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1744"
            },
            {
              "name": "1020200",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020200"
            },
            {
              "name": "vmware-vixapi-multiple-unspecified-bo(42872)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
            },
            {
              "name": "oval:org.mitre.oval:def:5647",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
            },
            {
              "name": "30556",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30556"
            },
            {
              "name": "oval:org.mitre.oval:def:5081",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
            },
            {
              "name": "29552",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29552"
            },
            {
              "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
            },
            {
              "name": "3922",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3922"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2100",
    "datePublished": "2008-06-05T20:21:00",
    "dateReserved": "2008-05-07T00:00:00",
    "dateUpdated": "2024-08-07T08:49:57.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0\", \"versionEndIncluding\": \"1.0.5\", \"matchCriteriaId\": \"C67E8ABD-4BC9-4A68-A1A8-517574B54FBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0\", \"versionEndIncluding\": \"2.0.3\", \"matchCriteriaId\": \"13B407FC-39E6-4504-AA38-28F45B10B462\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx_server:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BE184CF-CD55-4F32-9294-A680A4DD3870\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16EFF4E2-CA32-4FA4-AC4B-82D8C50769D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD59C463-F352-4F6C-853F-415E3FB4ABDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.1.1\", \"matchCriteriaId\": \"C5AE1C86-62E7-470E-BB1B-1AAEE3192D91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.0\", \"versionEndIncluding\": \"1.0.6\", \"matchCriteriaId\": \"093FA9F6-A59D-4C09-B133-002573AB05BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0\", \"versionEndIncluding\": \"2.0.3\", \"matchCriteriaId\": \"318E110E-C2E3-4332-BD84-7ABBFBF2309B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.0.5\", \"matchCriteriaId\": \"BEC0931F-7BB8-4CFD-9533-A62367661810\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5\", \"versionEndIncluding\": \"5.5.6\", \"matchCriteriaId\": \"0E456E5A-C2F5-4FA1-94F0-2BBD81A766D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0\", \"versionEndIncluding\": \"6.0.3\", \"matchCriteriaId\": \"40ED2686-C461-4C16-A50F-D56E369879CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECFD8D25-7FDF-48DF-8728-5875C44FFB53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"974D84A6-F5AB-4F0A-B9B5-9095A0E4733C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C3613B7-CA1B-4C9A-9076-A2894202DDA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFF29100-E124-4416-95CF-18B4246D43F2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de buffer en VIX API 1.1.x anteriores a 1.1.4 build 93057 en VMware Workstation 5.x y 6.x, VMware Player 1.x y 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, y VMware ESX 3.0.1 hasta la 3.5, permite a los usuarios del sistema hu\\u00e9sped, ejecutar c\\u00f3digo arbitrario en el sistema anfitri\\u00f3n a trav\\u00e9s de vectores no espec\\u00edficos.\\r\\n\"}]",
      "id": "CVE-2008-2100",
      "lastModified": "2024-11-21T00:46:05.423",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-06-05T20:32:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/30556\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201209-25.xml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3922\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1020200\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/493080/100/0/threaded\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/29552\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1744\", \"source\": \"cve@mitre.org\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42872\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30556\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201209-25.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3922\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1020200\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/493080/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/29552\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1744\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42872\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}, {\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-2100\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-06-05T20:32:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de buffer en VIX API 1.1.x anteriores a 1.1.4 build 93057 en VMware Workstation 5.x y 6.x, VMware Player 1.x y 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, y VMware ESX 3.0.1 hasta la 3.5, permite a los usuarios del sistema hu\u00e9sped, ejecutar c\u00f3digo arbitrario en el sistema anfitri\u00f3n a trav\u00e9s de vectores no espec\u00edficos.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"},{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.0.5\",\"matchCriteriaId\":\"C67E8ABD-4BC9-4A68-A1A8-517574B54FBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndIncluding\":\"2.0.3\",\"matchCriteriaId\":\"13B407FC-39E6-4504-AA38-28F45B10B462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx_server:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BE184CF-CD55-4F32-9294-A680A4DD3870\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16EFF4E2-CA32-4FA4-AC4B-82D8C50769D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD59C463-F352-4F6C-853F-415E3FB4ABDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1.1\",\"matchCriteriaId\":\"C5AE1C86-62E7-470E-BB1B-1AAEE3192D91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.0.6\",\"matchCriteriaId\":\"093FA9F6-A59D-4C09-B133-002573AB05BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndIncluding\":\"2.0.3\",\"matchCriteriaId\":\"318E110E-C2E3-4332-BD84-7ABBFBF2309B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.5\",\"matchCriteriaId\":\"BEC0931F-7BB8-4CFD-9533-A62367661810\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndIncluding\":\"5.5.6\",\"matchCriteriaId\":\"0E456E5A-C2F5-4FA1-94F0-2BBD81A766D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0\",\"versionEndIncluding\":\"6.0.3\",\"matchCriteriaId\":\"40ED2686-C461-4C16-A50F-D56E369879CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECFD8D25-7FDF-48DF-8728-5875C44FFB53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"974D84A6-F5AB-4F0A-B9B5-9095A0E4733C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C3613B7-CA1B-4C9A-9076-A2894202DDA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFF29100-E124-4416-95CF-18B4246D43F2\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/30556\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201209-25.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3922\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1020200\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/493080/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/29552\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1744\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42872\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/30556\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201209-25.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1020200\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/493080/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/29552\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42872\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTA-2008-AVI-291

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits de virtualisation VMware. Ces vulnérabilités peuvent être exploitées en local afin de contourner la politique de sécurité ou d'obtenir des privilèges élevés.

Description

Quatres vulnérabilités ont été découvertes dans les produits VMware :

la première est présente au niveau du pilote HGFS.sys, installé par l'ensemble d'outils VMTools. L'exploitation de cette vulnérabilité permet d'exécuter du code arbitraire sous des privilèges élevés sur une machine virtuelle (guest) Windows ;
la deuxième est due à une erreur au niveau du démon vmware-authd. Elle peut être exploitée sur une machine hôte Linux afin d'obtenir des privilèges élevés ;
la troisième résulte d'une erreur dans le service de gestion Openwsman. Cette vulnérabilité peut être exploitée afin d'obtenir les privilèges administrateur (root) sur un hôte Linux.
la quatrième vulnérabilité résulte de plusieurs erreurs aux limites dans VMware VIX API, entraînant un certain nombre de possibilités de débordement d'allocation mémoire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ACE 1.x ;
VMware	N/A	VMware Player 1.x ;
VMware	N/A	VMware Workstation 5.x;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware VIX API 1.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	N/A	VMware Server 1.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2008-0009 du 04 juin 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ACE 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 5.x;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VIX API 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Server 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nQuatres vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware :\n\n-   la premi\u00e8re est pr\u00e9sente au niveau du pilote HGFS.sys, install\u00e9 par\n    l\u0027ensemble d\u0027outils VMTools. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    permet d\u0027ex\u00e9cuter du code arbitraire sous des privil\u00e8ges \u00e9lev\u00e9s sur\n    une machine virtuelle (guest) Windows ;\n-   la deuxi\u00e8me est due \u00e0 une erreur au niveau du d\u00e9mon vmware-authd.\n    Elle peut \u00eatre exploit\u00e9e sur une machine h\u00f4te Linux afin d\u0027obtenir\n    des privil\u00e8ges \u00e9lev\u00e9s ;\n-   la troisi\u00e8me r\u00e9sulte d\u0027une erreur dans le service de gestion\n    Openwsman. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e afin d\u0027obtenir\n    les privil\u00e8ges administrateur (root) sur un h\u00f4te Linux.\n-   la quatri\u00e8me vuln\u00e9rabilit\u00e9 r\u00e9sulte de plusieurs erreurs aux limites\n    dans VMware VIX API, entra\u00eenant un certain nombre de possibilit\u00e9s de\n    d\u00e9bordement d\u0027allocation m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5671"
    },
    {
      "name": "CVE-2008-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2097"
    },
    {
      "name": "CVE-2008-2100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2100"
    },
    {
      "name": "CVE-2008-0967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0967"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-291",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits de\nvirtualisation VMware. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es en\nlocal afin de contourner la politique de s\u00e9curit\u00e9 ou d\u0027obtenir des\nprivil\u00e8ges \u00e9lev\u00e9s.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2008-0009 du 04 juin 2008",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    }
  ]
}

CERTA-2008-AVI-291

Vulnerability from certfr_avis - Published: - Updated:

Description

Quatres vulnérabilités ont été découvertes dans les produits VMware :

la première est présente au niveau du pilote HGFS.sys, installé par l'ensemble d'outils VMTools. L'exploitation de cette vulnérabilité permet d'exécuter du code arbitraire sous des privilèges élevés sur une machine virtuelle (guest) Windows ;
la deuxième est due à une erreur au niveau du démon vmware-authd. Elle peut être exploitée sur une machine hôte Linux afin d'obtenir des privilèges élevés ;
la troisième résulte d'une erreur dans le service de gestion Openwsman. Cette vulnérabilité peut être exploitée afin d'obtenir les privilèges administrateur (root) sur un hôte Linux.
la quatrième vulnérabilité résulte de plusieurs erreurs aux limites dans VMware VIX API, entraînant un certain nombre de possibilités de débordement d'allocation mémoire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ACE 1.x ;
VMware	N/A	VMware Player 1.x ;
VMware	N/A	VMware Workstation 5.x;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware VIX API 1.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	N/A	VMware Server 1.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2008-0009 du 04 juin 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ACE 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 5.x;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VIX API 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Server 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nQuatres vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware :\n\n-   la premi\u00e8re est pr\u00e9sente au niveau du pilote HGFS.sys, install\u00e9 par\n    l\u0027ensemble d\u0027outils VMTools. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    permet d\u0027ex\u00e9cuter du code arbitraire sous des privil\u00e8ges \u00e9lev\u00e9s sur\n    une machine virtuelle (guest) Windows ;\n-   la deuxi\u00e8me est due \u00e0 une erreur au niveau du d\u00e9mon vmware-authd.\n    Elle peut \u00eatre exploit\u00e9e sur une machine h\u00f4te Linux afin d\u0027obtenir\n    des privil\u00e8ges \u00e9lev\u00e9s ;\n-   la troisi\u00e8me r\u00e9sulte d\u0027une erreur dans le service de gestion\n    Openwsman. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e afin d\u0027obtenir\n    les privil\u00e8ges administrateur (root) sur un h\u00f4te Linux.\n-   la quatri\u00e8me vuln\u00e9rabilit\u00e9 r\u00e9sulte de plusieurs erreurs aux limites\n    dans VMware VIX API, entra\u00eenant un certain nombre de possibilit\u00e9s de\n    d\u00e9bordement d\u0027allocation m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5671"
    },
    {
      "name": "CVE-2008-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2097"
    },
    {
      "name": "CVE-2008-2100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2100"
    },
    {
      "name": "CVE-2008-0967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0967"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-291",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits de\nvirtualisation VMware. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es en\nlocal afin de contourner la politique de s\u00e9curit\u00e9 ou d\u0027obtenir des\nprivil\u00e8ges \u00e9lev\u00e9s.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2008-0009 du 04 juin 2008",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    }
  ]
}

GSD-2008-2100

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-2100

Aliases

CVE-2008-2100

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2100",
    "description": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.",
    "id": "GSD-2008-2100"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2100"
      ],
      "details": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.",
      "id": "GSD-2008-2100",
      "modified": "2023-12-13T01:23:00.514259Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-2100",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-201209-25",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "ADV-2008-1744",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1744"
          },
          {
            "name": "1020200",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1020200"
          },
          {
            "name": "vmware-vixapi-multiple-unspecified-bo(42872)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
          },
          {
            "name": "oval:org.mitre.oval:def:5647",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
          },
          {
            "name": "30556",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30556"
          },
          {
            "name": "oval:org.mitre.oval:def:5081",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
          },
          {
            "name": "29552",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29552"
          },
          {
            "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
          },
          {
            "name": "3922",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3922"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.6",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.3",
                "versionStartIncluding": "2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.3",
                "versionStartIncluding": "2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.3",
                "versionStartIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.5",
                "versionStartIncluding": "1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:esx_server:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5.6",
                "versionStartIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2100"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                },
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
            },
            {
              "name": "1020200",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1020200"
            },
            {
              "name": "30556",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/30556"
            },
            {
              "name": "29552",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/29552"
            },
            {
              "name": "3922",
              "refsource": "SREASON",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://securityreason.com/securityalert/3922"
            },
            {
              "name": "ADV-2008-1744",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1744"
            },
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            },
            {
              "name": "vmware-vixapi-multiple-unspecified-bo(42872)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
            },
            {
              "name": "oval:org.mitre.oval:def:5647",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
            },
            {
              "name": "oval:org.mitre.oval:def:5081",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
            },
            {
              "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-08-14T11:29Z",
      "publishedDate": "2008-06-05T20:32Z"
    }
  }
}

GHSA-HQVV-32VG-GX63

Vulnerability from github – Published: 2022-05-01 23:46 – Updated: 2022-05-01 23:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2100"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-06-05T20:32:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.",
  "id": "GHSA-hqvv-32vg-gx63",
  "modified": "2022-05-01T23:46:39Z",
  "published": "2022-05-01T23:46:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2100"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020200"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29552"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-2100

Vulnerability from fkie_nvd - Published: 2008-06-05 20:32 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/30556	Third Party Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-201209-25.xml	Third Party Advisory
cve@mitre.org	http://securityreason.com/securityalert/3922	Third Party Advisory
cve@mitre.org	http://securitytracker.com/id?1020200	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/493080/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/29552	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2008-0009.html	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1744	Permissions Required
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/42872	Third Party Advisory, VDB Entry
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081	Third Party Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30556	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201209-25.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3922	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020200	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/493080/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29552	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2008-0009.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1744	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42872	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647	Third Party Advisory

Impacted products

Vendor	Product	Version
vmware	ace	*
vmware	ace	*
vmware	esx_server	3.0
vmware	esx_server	3.5
vmware	esxi	3.5
vmware	fusion	*
vmware	player	*
vmware	player	*
vmware	server	*
vmware	workstation	*
vmware	workstation	*
vmware	esx	2.5.4
vmware	esx	2.5.5
vmware	esx	3.0.0
vmware	esx	3.0.1
vmware	esx	3.0.2
vmware	esx	3.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C67E8ABD-4BC9-4A68-A1A8-517574B54FBB",
              "versionEndIncluding": "1.0.5",
              "versionStartIncluding": "1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13B407FC-39E6-4504-AA38-28F45B10B462",
              "versionEndIncluding": "2.0.3",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esx_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE184CF-CD55-4F32-9294-A680A4DD3870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "16EFF4E2-CA32-4FA4-AC4B-82D8C50769D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5AE1C86-62E7-470E-BB1B-1AAEE3192D91",
              "versionEndIncluding": "1.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "093FA9F6-A59D-4C09-B133-002573AB05BA",
              "versionEndIncluding": "1.0.6",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "318E110E-C2E3-4332-BD84-7ABBFBF2309B",
              "versionEndIncluding": "2.0.3",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEC0931F-7BB8-4CFD-9533-A62367661810",
              "versionEndIncluding": "1.0.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E456E5A-C2F5-4FA1-94F0-2BBD81A766D5",
              "versionEndIncluding": "5.5.6",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40ED2686-C461-4C16-A50F-D56E369879CC",
              "versionEndIncluding": "6.0.3",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECFD8D25-7FDF-48DF-8728-5875C44FFB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de buffer en VIX API 1.1.x anteriores a 1.1.4 build 93057 en VMware Workstation 5.x y 6.x, VMware Player 1.x y 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, y VMware ESX 3.0.1 hasta la 3.5, permite a los usuarios del sistema hu\u00e9sped, ejecutar c\u00f3digo arbitrario en el sistema anfitri\u00f3n a trav\u00e9s de vectores no espec\u00edficos.\r\n"
    }
  ],
  "id": "CVE-2008-2100",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-06-05T20:32:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1020200"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/29552"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1020200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/29552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2100 (GCVE-0-2008-2100)

CERTA-2008-AVI-291

Description

Solution

CERTA-2008-AVI-291

Description

Solution

GSD-2008-2100

GHSA-HQVV-32VG-GX63

FKIE_CVE-2008-2100

Tags

Sightings

Nomenclature