cvelistv5 - cve-2007-5671

CVE-2007-5671 (GCVE-0-2007-5671)

Vulnerability from cvelistv5 – Published: 2008-06-05 20:21 – Updated: 2024-08-07 15:39

Summary

HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://security.gentoo.org/glsa/glsa-201209-25.xml	vendor-advisoryx_refsource_GENTOO
	http://www.vupen.com/english/advisories/2008/1744	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://secunia.com/advisories/30556	third-party-advisoryx_refsource_SECUNIA
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/493172/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/493080/100…	mailing-listx_refsource_BUGTRAQ
	http://securitytracker.com/id?1020197	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/493148/100…	mailing-listx_refsource_BUGTRAQ
	http://securityreason.com/securityalert/3922	third-party-advisoryx_refsource_SREASON

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:39:13.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201209-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "ADV-2008-1744",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1744"
          },
          {
            "name": "oval:org.mitre.oval:def:5688",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
          },
          {
            "name": "30556",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30556"
          },
          {
            "name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
          },
          {
            "name": "oval:org.mitre.oval:def:5358",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
          },
          {
            "name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
          },
          {
            "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
          },
          {
            "name": "1020197",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020197"
          },
          {
            "name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
          },
          {
            "name": "3922",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3922"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201209-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
        },
        {
          "name": "ADV-2008-1744",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1744"
        },
        {
          "name": "oval:org.mitre.oval:def:5688",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
        },
        {
          "name": "30556",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30556"
        },
        {
          "name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
        },
        {
          "name": "oval:org.mitre.oval:def:5358",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
        },
        {
          "name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
        },
        {
          "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
        },
        {
          "name": "1020197",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020197"
        },
        {
          "name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
        },
        {
          "name": "3922",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3922"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5671",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            },
            {
              "name": "ADV-2008-1744",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1744"
            },
            {
              "name": "oval:org.mitre.oval:def:5688",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
            },
            {
              "name": "30556",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30556"
            },
            {
              "name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
            },
            {
              "name": "oval:org.mitre.oval:def:5358",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
            },
            {
              "name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
            },
            {
              "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
            },
            {
              "name": "1020197",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020197"
            },
            {
              "name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
            },
            {
              "name": "3922",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3922"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5671",
    "datePublished": "2008-06-05T20:21:00",
    "dateReserved": "2007-10-23T00:00:00",
    "dateUpdated": "2024-08-07T15:39:13.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"700C0BB4-2272-4405-9D9A-A636E3D22461\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFC82A8C-E561-4E35-A84D-66A4D6C90264\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D346E48-887C-4D02-BFD3-D323B7F3871C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9C6150A-2DF3-4F7B-B024-0F3DBB686124\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40192EE1-A300-42C3-BC98-286C9E5A281E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ADCA876-2B69-4267-8467-E7E470428D32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8DD6D27-1335-44EF-8B69-A9163A67BC2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3771AFCF-E247-427A-8076-9E36EA457658\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17C124AC-C421-459E-8251-E7B3BD33874B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65DD6966-72EA-4C4D-BC90-B0D534834BA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBFC9B7A-8A40-467B-9102-EE5259EC4D14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB9565E5-042E-4C62-A7C7-54808B15F0BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B2C792F-48DA-46B5-B42E-9A045B393531\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6968BBA4-3A55-4495-ACB2-6F7535EBEAF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6FFF35E-DCFC-4C13-8C5A-7CE80A161370\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"270D5FAD-A226-4F6F-BF0B-2C6D91C525D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"504CD24F-2EC6-45C0-8E46-69BAE8483521\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"294B621F-6C1A-4571-AE13-49495680D255\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BA47458-E783-4A6A-ABF1-59E8D87E9B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16A1141D-9718-4A22-8FF2-AEAD28E07291\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"974D84A6-F5AB-4F0A-B9B5-9095A0E4733C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C3613B7-CA1B-4C9A-9076-A2894202DDA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\\\\\.\\\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.\"}, {\"lang\": \"es\", \"value\": \"HGFS.sys en el VMware Tools package en VMware Workstation 5.x anterior a 5.5.6 build 80404, VMware Player anterior a 1.0.6 build 80404, VMware ACE anterior a 1.0.5 build 79846, VMware Server anterior a 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2, no valida correctamente argumentos en el modo de usuario METHOD_NEITHER IOCTLs hacia  \\\\\\\\.\\\\hgfs, lo que permite al sistema operativo huesped, modificar ubicaciones de memoria de su elecci\\u00f3n en el n\\u00facleo de la memoria del sistema huesped y as\\u00ed obtener privilegios.\"}]",
      "id": "CVE-2007-5671",
      "lastModified": "2024-11-21T00:38:25.913",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2008-06-05T20:32:00.000",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30556\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201209-25.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/3922\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1020197\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/493080/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/493148/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/493172/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1744\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30556\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201209-25.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3922\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1020197\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/493080/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/493148/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/493172/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1744\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5671\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-06-05T20:32:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\\\\\.\\\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.\"},{\"lang\":\"es\",\"value\":\"HGFS.sys en el VMware Tools package en VMware Workstation 5.x anterior a 5.5.6 build 80404, VMware Player anterior a 1.0.6 build 80404, VMware ACE anterior a 1.0.5 build 79846, VMware Server anterior a 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2, no valida correctamente argumentos en el modo de usuario METHOD_NEITHER IOCTLs hacia  \\\\\\\\.\\\\hgfs, lo que permite al sistema operativo huesped, modificar ubicaciones de memoria de su elecci\u00f3n en el n\u00facleo de la memoria del sistema huesped y as\u00ed obtener privilegios.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"700C0BB4-2272-4405-9D9A-A636E3D22461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFC82A8C-E561-4E35-A84D-66A4D6C90264\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D346E48-887C-4D02-BFD3-D323B7F3871C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9C6150A-2DF3-4F7B-B024-0F3DBB686124\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40192EE1-A300-42C3-BC98-286C9E5A281E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADCA876-2B69-4267-8467-E7E470428D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8DD6D27-1335-44EF-8B69-A9163A67BC2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3771AFCF-E247-427A-8076-9E36EA457658\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C124AC-C421-459E-8251-E7B3BD33874B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65DD6966-72EA-4C4D-BC90-B0D534834BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBFC9B7A-8A40-467B-9102-EE5259EC4D14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB9565E5-042E-4C62-A7C7-54808B15F0BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B2C792F-48DA-46B5-B42E-9A045B393531\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6968BBA4-3A55-4495-ACB2-6F7535EBEAF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6FFF35E-DCFC-4C13-8C5A-7CE80A161370\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"270D5FAD-A226-4F6F-BF0B-2C6D91C525D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"504CD24F-2EC6-45C0-8E46-69BAE8483521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"294B621F-6C1A-4571-AE13-49495680D255\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BA47458-E783-4A6A-ABF1-59E8D87E9B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16A1141D-9718-4A22-8FF2-AEAD28E07291\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"974D84A6-F5AB-4F0A-B9B5-9095A0E4733C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C3613B7-CA1B-4C9A-9076-A2894202DDA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30556\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201209-25.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3922\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1020197\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/493080/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/493148/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/493172/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1744\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30556\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201209-25.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1020197\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/493080/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/493148/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/493172/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-291

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits de virtualisation VMware. Ces vulnérabilités peuvent être exploitées en local afin de contourner la politique de sécurité ou d'obtenir des privilèges élevés.

Description

Quatres vulnérabilités ont été découvertes dans les produits VMware :

la première est présente au niveau du pilote HGFS.sys, installé par l'ensemble d'outils VMTools. L'exploitation de cette vulnérabilité permet d'exécuter du code arbitraire sous des privilèges élevés sur une machine virtuelle (guest) Windows ;
la deuxième est due à une erreur au niveau du démon vmware-authd. Elle peut être exploitée sur une machine hôte Linux afin d'obtenir des privilèges élevés ;
la troisième résulte d'une erreur dans le service de gestion Openwsman. Cette vulnérabilité peut être exploitée afin d'obtenir les privilèges administrateur (root) sur un hôte Linux.
la quatrième vulnérabilité résulte de plusieurs erreurs aux limites dans VMware VIX API, entraînant un certain nombre de possibilités de débordement d'allocation mémoire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ACE 1.x ;
VMware	N/A	VMware Player 1.x ;
VMware	N/A	VMware Workstation 5.x;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware VIX API 1.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	N/A	VMware Server 1.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2008-0009 du 04 juin 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ACE 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 5.x;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VIX API 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Server 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nQuatres vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware :\n\n-   la premi\u00e8re est pr\u00e9sente au niveau du pilote HGFS.sys, install\u00e9 par\n    l\u0027ensemble d\u0027outils VMTools. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    permet d\u0027ex\u00e9cuter du code arbitraire sous des privil\u00e8ges \u00e9lev\u00e9s sur\n    une machine virtuelle (guest) Windows ;\n-   la deuxi\u00e8me est due \u00e0 une erreur au niveau du d\u00e9mon vmware-authd.\n    Elle peut \u00eatre exploit\u00e9e sur une machine h\u00f4te Linux afin d\u0027obtenir\n    des privil\u00e8ges \u00e9lev\u00e9s ;\n-   la troisi\u00e8me r\u00e9sulte d\u0027une erreur dans le service de gestion\n    Openwsman. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e afin d\u0027obtenir\n    les privil\u00e8ges administrateur (root) sur un h\u00f4te Linux.\n-   la quatri\u00e8me vuln\u00e9rabilit\u00e9 r\u00e9sulte de plusieurs erreurs aux limites\n    dans VMware VIX API, entra\u00eenant un certain nombre de possibilit\u00e9s de\n    d\u00e9bordement d\u0027allocation m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5671"
    },
    {
      "name": "CVE-2008-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2097"
    },
    {
      "name": "CVE-2008-2100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2100"
    },
    {
      "name": "CVE-2008-0967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0967"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-291",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits de\nvirtualisation VMware. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es en\nlocal afin de contourner la politique de s\u00e9curit\u00e9 ou d\u0027obtenir des\nprivil\u00e8ges \u00e9lev\u00e9s.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2008-0009 du 04 juin 2008",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    }
  ]
}

CERTA-2008-AVI-291

Vulnerability from certfr_avis - Published: - Updated:

Description

Quatres vulnérabilités ont été découvertes dans les produits VMware :

la première est présente au niveau du pilote HGFS.sys, installé par l'ensemble d'outils VMTools. L'exploitation de cette vulnérabilité permet d'exécuter du code arbitraire sous des privilèges élevés sur une machine virtuelle (guest) Windows ;
la deuxième est due à une erreur au niveau du démon vmware-authd. Elle peut être exploitée sur une machine hôte Linux afin d'obtenir des privilèges élevés ;
la troisième résulte d'une erreur dans le service de gestion Openwsman. Cette vulnérabilité peut être exploitée afin d'obtenir les privilèges administrateur (root) sur un hôte Linux.
la quatrième vulnérabilité résulte de plusieurs erreurs aux limites dans VMware VIX API, entraînant un certain nombre de possibilités de débordement d'allocation mémoire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ACE 1.x ;
VMware	N/A	VMware Player 1.x ;
VMware	N/A	VMware Workstation 5.x;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware VIX API 1.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	N/A	VMware Server 1.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2008-0009 du 04 juin 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ACE 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 5.x;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VIX API 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Server 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nQuatres vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware :\n\n-   la premi\u00e8re est pr\u00e9sente au niveau du pilote HGFS.sys, install\u00e9 par\n    l\u0027ensemble d\u0027outils VMTools. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    permet d\u0027ex\u00e9cuter du code arbitraire sous des privil\u00e8ges \u00e9lev\u00e9s sur\n    une machine virtuelle (guest) Windows ;\n-   la deuxi\u00e8me est due \u00e0 une erreur au niveau du d\u00e9mon vmware-authd.\n    Elle peut \u00eatre exploit\u00e9e sur une machine h\u00f4te Linux afin d\u0027obtenir\n    des privil\u00e8ges \u00e9lev\u00e9s ;\n-   la troisi\u00e8me r\u00e9sulte d\u0027une erreur dans le service de gestion\n    Openwsman. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e afin d\u0027obtenir\n    les privil\u00e8ges administrateur (root) sur un h\u00f4te Linux.\n-   la quatri\u00e8me vuln\u00e9rabilit\u00e9 r\u00e9sulte de plusieurs erreurs aux limites\n    dans VMware VIX API, entra\u00eenant un certain nombre de possibilit\u00e9s de\n    d\u00e9bordement d\u0027allocation m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5671"
    },
    {
      "name": "CVE-2008-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2097"
    },
    {
      "name": "CVE-2008-2100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2100"
    },
    {
      "name": "CVE-2008-0967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0967"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-291",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits de\nvirtualisation VMware. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es en\nlocal afin de contourner la politique de s\u00e9curit\u00e9 ou d\u0027obtenir des\nprivil\u00e8ges \u00e9lev\u00e9s.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2008-0009 du 04 juin 2008",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    }
  ]
}

FKIE_CVE-2007-5671

Vulnerability from fkie_nvd - Published: 2008-06-05 20:32 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712
cve@mitre.org	http://secunia.com/advisories/30556	Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-201209-25.xml
cve@mitre.org	http://securityreason.com/securityalert/3922
cve@mitre.org	http://securitytracker.com/id?1020197
cve@mitre.org	http://www.securityfocus.com/archive/1/493080/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/493148/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/493172/100/0/threaded
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2008-0009.html
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1744
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30556	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201209-25.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3922
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020197
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/493080/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/493148/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/493172/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2008-0009.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1744
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688

Impacted products

Vendor	Product	Version
vmware	ace	1.0.0
vmware	ace	1.0.1
vmware	ace	1.0.2
vmware	ace	1.0.3
vmware	ace	1.0.4
vmware	esx_server	2.5.5
vmware	player	1.0.4
vmware	server	1.0.3
vmware	vmware_player	1.0.0
vmware	vmware_player	1.0.1
vmware	vmware_player	1.0.2
vmware	vmware_player	1.0.3
vmware	vmware_player	1.0.5
vmware	vmware_server	1.0.0
vmware	vmware_server	1.0.1
vmware	vmware_server	1.0.2
vmware	vmware_server	1.0.4
vmware	vmware_workstation	5.5.0
vmware	vmware_workstation	5.5.2
vmware	vmware_workstation	5.5.5
vmware	workstation	5.5.1
vmware	workstation	5.5.3
vmware	workstation	5.5.4
vmware	esx	2.5.4
vmware	esx	3.0.0
vmware	esx	3.0.1
vmware	esx	3.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADCA876-2B69-4267-8467-E7E470428D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3771AFCF-E247-427A-8076-9E36EA457658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C124AC-C421-459E-8251-E7B3BD33874B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9565E5-042E-4C62-A7C7-54808B15F0BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
    },
    {
      "lang": "es",
      "value": "HGFS.sys en el VMware Tools package en VMware Workstation 5.x anterior a 5.5.6 build 80404, VMware Player anterior a 1.0.6 build 80404, VMware ACE anterior a 1.0.5 build 79846, VMware Server anterior a 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2, no valida correctamente argumentos en el modo de usuario METHOD_NEITHER IOCTLs hacia  \\\\.\\hgfs, lo que permite al sistema operativo huesped, modificar ubicaciones de memoria de su elecci\u00f3n en el n\u00facleo de la memoria del sistema huesped y as\u00ed obtener privilegios."
    }
  ],
  "id": "CVE-2007-5671",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-06-05T20:32:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1020197"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-5671

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-5671

Aliases

CVE-2007-5671

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5671",
    "description": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.",
    "id": "GSD-2007-5671"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5671"
      ],
      "details": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.",
      "id": "GSD-2007-5671",
      "modified": "2023-12-13T01:21:41.415787Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5671",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-201209-25",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "ADV-2008-1744",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1744"
          },
          {
            "name": "oval:org.mitre.oval:def:5688",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
          },
          {
            "name": "30556",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30556"
          },
          {
            "name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
          },
          {
            "name": "oval:org.mitre.oval:def:5358",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
          },
          {
            "name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
          },
          {
            "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
          },
          {
            "name": "1020197",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1020197"
          },
          {
            "name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
          },
          {
            "name": "3922",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3922"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5671"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
            },
            {
              "name": "1020197",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1020197"
            },
            {
              "name": "30556",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30556"
            },
            {
              "name": "3922",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3922"
            },
            {
              "name": "ADV-2008-1744",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1744"
            },
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:5688",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
            },
            {
              "name": "oval:org.mitre.oval:def:5358",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
            },
            {
              "name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
            },
            {
              "name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
            },
            {
              "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2008-06-05T20:32Z"
    }
  }
}

GHSA-RCVP-7793-9Q23

Vulnerability from github – Published: 2022-05-01 18:35 – Updated: 2022-05-01 18:35

Details

HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5671"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-06-05T20:32:00Z",
    "severity": "MODERATE"
  },
  "details": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.",
  "id": "GHSA-rcvp-7793-9q23",
  "modified": "2022-05-01T18:35:43Z",
  "published": "2022-05-01T18:35:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5671"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020197"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-5671 (GCVE-0-2007-5671)

CERTA-2008-AVI-291

Description

Solution

CERTA-2008-AVI-291

Description

Solution

FKIE_CVE-2007-5671

GSD-2007-5671

GHSA-RCVP-7793-9Q23

Tags

Sightings

Nomenclature