cvelistv5 - cve-2008-0967

CVE-2008-0967 (GCVE-0-2008-0967)

Vulnerability from cvelistv5 – Published: 2008-06-05 20:21 – Updated: 2024-08-07 08:01

Summary

Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://security.gentoo.org/glsa/glsa-201209-25.xml	vendor-advisoryx_refsource_GENTOO
	http://www.vupen.com/english/advisories/2008/1744	vdb-entryx_refsource_VUPEN
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/29557	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/30556	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/493080/100…	mailing-listx_refsource_BUGTRAQ
	http://securitytracker.com/id?1020198	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://securityreason.com/securityalert/3922	third-party-advisoryx_refsource_SREASON
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:01:40.101Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201209-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "ADV-2008-1744",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1744"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
          },
          {
            "name": "29557",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29557"
          },
          {
            "name": "oval:org.mitre.oval:def:4768",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
          },
          {
            "name": "30556",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30556"
          },
          {
            "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
          },
          {
            "name": "1020198",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020198"
          },
          {
            "name": "vmware-vmwareauthd-privilege-escalation(42878)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
          },
          {
            "name": "oval:org.mitre.oval:def:5583",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
          },
          {
            "name": "3922",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3922"
          },
          {
            "name": "20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201209-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
        },
        {
          "name": "ADV-2008-1744",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1744"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
        },
        {
          "name": "29557",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29557"
        },
        {
          "name": "oval:org.mitre.oval:def:4768",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
        },
        {
          "name": "30556",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30556"
        },
        {
          "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
        },
        {
          "name": "1020198",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020198"
        },
        {
          "name": "vmware-vmwareauthd-privilege-escalation(42878)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
        },
        {
          "name": "oval:org.mitre.oval:def:5583",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
        },
        {
          "name": "3922",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3922"
        },
        {
          "name": "20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0967",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            },
            {
              "name": "ADV-2008-1744",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1744"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
            },
            {
              "name": "29557",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29557"
            },
            {
              "name": "oval:org.mitre.oval:def:4768",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
            },
            {
              "name": "30556",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30556"
            },
            {
              "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
            },
            {
              "name": "1020198",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020198"
            },
            {
              "name": "vmware-vmwareauthd-privilege-escalation(42878)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
            },
            {
              "name": "oval:org.mitre.oval:def:5583",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
            },
            {
              "name": "3922",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3922"
            },
            {
              "name": "20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0967",
    "datePublished": "2008-06-05T20:21:00",
    "dateReserved": "2008-02-25T00:00:00",
    "dateUpdated": "2024-08-07T08:01:40.101Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ADCA876-2B69-4267-8467-E7E470428D32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx_server:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB4346ED-5837-4784-8D87-6C148BA4AAA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx_server:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15063D48-B55F-41C4-8AE3-CB96F1F1BB86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx_server:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D40A48BB-A2E5-4D27-8E11-DE9D1CF08FC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16EFF4E2-CA32-4FA4-AC4B-82D8C50769D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD59C463-F352-4F6C-853F-415E3FB4ABDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E76D03A3-DB55-48A2-B5A5-64002D28B95F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EAC68CA-DCA3-4399-807D-E7AC67C9C3E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47B13A58-1876-4322-AC25-107D43BABD2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D04A928-4421-4BEE-9500-7398E4DB929B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"088450C4-9C6F-4651-8D59-C36F1B0601BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA35C066-90A9-4DE2-A97A-38A6CFC59A42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F7AD12A-26C9-48AD-A32A-0F56545DF8E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73C45BB0-C0DB-42B8-A238-B81D836CF91E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"297226F7-05CB-4721-9D02-51FE2919D2DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D3F9D4D-2116-49A7-9292-AF6B4456E175\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8DD6D27-1335-44EF-8B69-A9163A67BC2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B2C792F-48DA-46B5-B42E-9A045B393531\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6968BBA4-3A55-4495-ACB2-6F7535EBEAF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6FFF35E-DCFC-4C13-8C5A-7CE80A161370\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E6F9A4A-41B0-48D9-B60C-EBF4EF899953\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"270D5FAD-A226-4F6F-BF0B-2C6D91C525D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"504CD24F-2EC6-45C0-8E46-69BAE8483521\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B32C157-020F-400B-970C-B93CF573EB27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B7632A4-D120-434D-B35A-303640DB37AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DFFE01E-BD0A-432E-B47C-D68DAADDD075\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02EBBFDD-AC46-481A-8DA7-64619B447637\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"294B621F-6C1A-4571-AE13-49495680D255\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BA47458-E783-4A6A-ABF1-59E8D87E9B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16A1141D-9718-4A22-8FF2-AEAD28E07291\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89329F80-7134-4AB2-BDA3-E1B887F633B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"974D84A6-F5AB-4F0A-B9B5-9095A0E4733C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C3613B7-CA1B-4C9A-9076-A2894202DDA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ruta de b\\u00fasqueda no confiable en vmware-authd en VMware Workstation versi\\u00f3n 5.x anterior a 5.5.7 build 91707 y versi\\u00f3n 6.x anterior a 6.0.4 build 93057, VMware Player versi\\u00f3n 1.x anterior a 1.0.7 build 91707 y versi\\u00f3n 2.x anterior a 2.0.4 build 93057, y VMware Server anterior a 1.0.6 build 91891 en Linux, y VMware ESXi versi\\u00f3n 3.5 y VMware ESX versi\\u00f3n 2.5.4 hasta 3.5, permite a los usuarios locales obtener privilegios por medio de una opci\\u00f3n de path library en un archivo de configuraci\\u00f3n.\"}]",
      "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html \r\n\u0027CWE-426: Untrusted Search Path\u0027",
      "id": "CVE-2008-0967",
      "lastModified": "2024-11-21T00:43:20.430",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-06-05T20:32:00.000",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30556\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201209-25.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/3922\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1020198\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/493080/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/29557\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1744\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42878\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30556\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201209-25.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3922\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1020198\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/493080/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/29557\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1744\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42878\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0967\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-06-05T20:32:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ruta de b\u00fasqueda no confiable en vmware-authd en VMware Workstation versi\u00f3n 5.x anterior a 5.5.7 build 91707 y versi\u00f3n 6.x anterior a 6.0.4 build 93057, VMware Player versi\u00f3n 1.x anterior a 1.0.7 build 91707 y versi\u00f3n 2.x anterior a 2.0.4 build 93057, y VMware Server anterior a 1.0.6 build 91891 en Linux, y VMware ESXi versi\u00f3n 3.5 y VMware ESX versi\u00f3n 2.5.4 hasta 3.5, permite a los usuarios locales obtener privilegios por medio de una opci\u00f3n de path library en un archivo de configuraci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADCA876-2B69-4267-8467-E7E470428D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx_server:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB4346ED-5837-4784-8D87-6C148BA4AAA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx_server:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15063D48-B55F-41C4-8AE3-CB96F1F1BB86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx_server:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D40A48BB-A2E5-4D27-8E11-DE9D1CF08FC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16EFF4E2-CA32-4FA4-AC4B-82D8C50769D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD59C463-F352-4F6C-853F-415E3FB4ABDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E76D03A3-DB55-48A2-B5A5-64002D28B95F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EAC68CA-DCA3-4399-807D-E7AC67C9C3E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47B13A58-1876-4322-AC25-107D43BABD2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D04A928-4421-4BEE-9500-7398E4DB929B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"088450C4-9C6F-4651-8D59-C36F1B0601BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA35C066-90A9-4DE2-A97A-38A6CFC59A42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F7AD12A-26C9-48AD-A32A-0F56545DF8E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73C45BB0-C0DB-42B8-A238-B81D836CF91E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"297226F7-05CB-4721-9D02-51FE2919D2DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D3F9D4D-2116-49A7-9292-AF6B4456E175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8DD6D27-1335-44EF-8B69-A9163A67BC2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B2C792F-48DA-46B5-B42E-9A045B393531\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6968BBA4-3A55-4495-ACB2-6F7535EBEAF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6FFF35E-DCFC-4C13-8C5A-7CE80A161370\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E6F9A4A-41B0-48D9-B60C-EBF4EF899953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"270D5FAD-A226-4F6F-BF0B-2C6D91C525D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"504CD24F-2EC6-45C0-8E46-69BAE8483521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B32C157-020F-400B-970C-B93CF573EB27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B7632A4-D120-434D-B35A-303640DB37AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DFFE01E-BD0A-432E-B47C-D68DAADDD075\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02EBBFDD-AC46-481A-8DA7-64619B447637\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"294B621F-6C1A-4571-AE13-49495680D255\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BA47458-E783-4A6A-ABF1-59E8D87E9B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16A1141D-9718-4A22-8FF2-AEAD28E07291\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89329F80-7134-4AB2-BDA3-E1B887F633B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"974D84A6-F5AB-4F0A-B9B5-9095A0E4733C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C3613B7-CA1B-4C9A-9076-A2894202DDA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30556\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201209-25.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3922\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1020198\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/493080/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/29557\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1744\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42878\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30556\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201209-25.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1020198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/493080/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29557\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42878\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Per: http://cwe.mitre.org/data/definitions/426.html \\r\\n\u0027CWE-426: Untrusted Search Path\u0027\"}}"
  }
}

FKIE_CVE-2008-0967

Vulnerability from fkie_nvd - Published: 2008-06-05 20:32 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713
cve@mitre.org	http://secunia.com/advisories/30556	Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-201209-25.xml
cve@mitre.org	http://securityreason.com/securityalert/3922
cve@mitre.org	http://securitytracker.com/id?1020198
cve@mitre.org	http://www.securityfocus.com/archive/1/493080/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/29557
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2008-0009.html	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1744	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/42878
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30556	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201209-25.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3922
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020198
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/493080/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29557
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2008-0009.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1744	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42878
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583

Impacted products

Vendor	Product	Version
vmware	esx_server	2.5.5
vmware	esx_server	3.1
vmware	esx_server	3.2
vmware	esx_server	3.3
vmware	esx_server	3.5
vmware	esxi	3.5
vmware	player	1.0.0
vmware	player	1.0.1
vmware	player	1.0.2
vmware	player	1.0.3
vmware	player	1.0.4
vmware	player	1.0.5
vmware	player	1.0.6
vmware	player	2.0
vmware	player	2.0.1
vmware	player	2.0.2
vmware	player	2.0.3
vmware	server	1.0.3
vmware	vmware_server	1.0.0
vmware	vmware_server	1.0.1
vmware	vmware_server	1.0.2
vmware	vmware_server	1.0.4
vmware	vmware_server	1.0.5
vmware	vmware_workstation	5.5.0
vmware	vmware_workstation	5.5.2
vmware	vmware_workstation	5.5.5
vmware	vmware_workstation	5.5.6
vmware	vmware_workstation	6.0.1
vmware	vmware_workstation	6.0.2
vmware	vmware_workstation	6.0.3
vmware	workstation	5.5.1
vmware	workstation	5.5.3
vmware	workstation	5.5.4
vmware	workstation	6.0
vmware	esx	3.0.0
vmware	esx	3.0.1
vmware	esx	3.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADCA876-2B69-4267-8467-E7E470428D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esx_server:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4346ED-5837-4784-8D87-6C148BA4AAA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esx_server:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15063D48-B55F-41C4-8AE3-CB96F1F1BB86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esx_server:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D40A48BB-A2E5-4D27-8E11-DE9D1CF08FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "16EFF4E2-CA32-4FA4-AC4B-82D8C50769D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E76D03A3-DB55-48A2-B5A5-64002D28B95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EAC68CA-DCA3-4399-807D-E7AC67C9C3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA35C066-90A9-4DE2-A97A-38A6CFC59A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D3F9D4D-2116-49A7-9292-AF6B4456E175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E6F9A4A-41B0-48D9-B60C-EBF4EF899953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B32C157-020F-400B-970C-B93CF573EB27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "02EBBFDD-AC46-481A-8DA7-64619B447637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en vmware-authd en VMware Workstation versi\u00f3n 5.x anterior a 5.5.7 build 91707 y versi\u00f3n 6.x anterior a 6.0.4 build 93057, VMware Player versi\u00f3n 1.x anterior a 1.0.7 build 91707 y versi\u00f3n 2.x anterior a 2.0.4 build 93057, y VMware Server anterior a 1.0.6 build 91891 en Linux, y VMware ESXi versi\u00f3n 3.5 y VMware ESX versi\u00f3n 2.5.4 hasta 3.5, permite a los usuarios locales obtener privilegios por medio de una opci\u00f3n de path library en un archivo de configuraci\u00f3n."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html \r\n\u0027CWE-426: Untrusted Search Path\u0027",
  "id": "CVE-2008-0967",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-06-05T20:32:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1020198"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29557"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2008-AVI-291

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits de virtualisation VMware. Ces vulnérabilités peuvent être exploitées en local afin de contourner la politique de sécurité ou d'obtenir des privilèges élevés.

Description

Quatres vulnérabilités ont été découvertes dans les produits VMware :

la première est présente au niveau du pilote HGFS.sys, installé par l'ensemble d'outils VMTools. L'exploitation de cette vulnérabilité permet d'exécuter du code arbitraire sous des privilèges élevés sur une machine virtuelle (guest) Windows ;
la deuxième est due à une erreur au niveau du démon vmware-authd. Elle peut être exploitée sur une machine hôte Linux afin d'obtenir des privilèges élevés ;
la troisième résulte d'une erreur dans le service de gestion Openwsman. Cette vulnérabilité peut être exploitée afin d'obtenir les privilèges administrateur (root) sur un hôte Linux.
la quatrième vulnérabilité résulte de plusieurs erreurs aux limites dans VMware VIX API, entraînant un certain nombre de possibilités de débordement d'allocation mémoire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ACE 1.x ;
VMware	N/A	VMware Player 1.x ;
VMware	N/A	VMware Workstation 5.x;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware VIX API 1.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	N/A	VMware Server 1.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2008-0009 du 04 juin 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ACE 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 5.x;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VIX API 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Server 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nQuatres vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware :\n\n-   la premi\u00e8re est pr\u00e9sente au niveau du pilote HGFS.sys, install\u00e9 par\n    l\u0027ensemble d\u0027outils VMTools. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    permet d\u0027ex\u00e9cuter du code arbitraire sous des privil\u00e8ges \u00e9lev\u00e9s sur\n    une machine virtuelle (guest) Windows ;\n-   la deuxi\u00e8me est due \u00e0 une erreur au niveau du d\u00e9mon vmware-authd.\n    Elle peut \u00eatre exploit\u00e9e sur une machine h\u00f4te Linux afin d\u0027obtenir\n    des privil\u00e8ges \u00e9lev\u00e9s ;\n-   la troisi\u00e8me r\u00e9sulte d\u0027une erreur dans le service de gestion\n    Openwsman. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e afin d\u0027obtenir\n    les privil\u00e8ges administrateur (root) sur un h\u00f4te Linux.\n-   la quatri\u00e8me vuln\u00e9rabilit\u00e9 r\u00e9sulte de plusieurs erreurs aux limites\n    dans VMware VIX API, entra\u00eenant un certain nombre de possibilit\u00e9s de\n    d\u00e9bordement d\u0027allocation m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5671"
    },
    {
      "name": "CVE-2008-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2097"
    },
    {
      "name": "CVE-2008-2100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2100"
    },
    {
      "name": "CVE-2008-0967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0967"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-291",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits de\nvirtualisation VMware. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es en\nlocal afin de contourner la politique de s\u00e9curit\u00e9 ou d\u0027obtenir des\nprivil\u00e8ges \u00e9lev\u00e9s.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2008-0009 du 04 juin 2008",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    }
  ]
}

CERTA-2008-AVI-291

Vulnerability from certfr_avis - Published: - Updated:

Description

Quatres vulnérabilités ont été découvertes dans les produits VMware :

la première est présente au niveau du pilote HGFS.sys, installé par l'ensemble d'outils VMTools. L'exploitation de cette vulnérabilité permet d'exécuter du code arbitraire sous des privilèges élevés sur une machine virtuelle (guest) Windows ;
la deuxième est due à une erreur au niveau du démon vmware-authd. Elle peut être exploitée sur une machine hôte Linux afin d'obtenir des privilèges élevés ;
la troisième résulte d'une erreur dans le service de gestion Openwsman. Cette vulnérabilité peut être exploitée afin d'obtenir les privilèges administrateur (root) sur un hôte Linux.
la quatrième vulnérabilité résulte de plusieurs erreurs aux limites dans VMware VIX API, entraînant un certain nombre de possibilités de débordement d'allocation mémoire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware ACE 1.x ;
VMware	N/A	VMware Player 1.x ;
VMware	N/A	VMware Workstation 5.x;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware VIX API 1.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	N/A	VMware Server 1.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2008-0009 du 04 juin 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ACE 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Player 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation 5.x;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VIX API 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Server 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nQuatres vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware :\n\n-   la premi\u00e8re est pr\u00e9sente au niveau du pilote HGFS.sys, install\u00e9 par\n    l\u0027ensemble d\u0027outils VMTools. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    permet d\u0027ex\u00e9cuter du code arbitraire sous des privil\u00e8ges \u00e9lev\u00e9s sur\n    une machine virtuelle (guest) Windows ;\n-   la deuxi\u00e8me est due \u00e0 une erreur au niveau du d\u00e9mon vmware-authd.\n    Elle peut \u00eatre exploit\u00e9e sur une machine h\u00f4te Linux afin d\u0027obtenir\n    des privil\u00e8ges \u00e9lev\u00e9s ;\n-   la troisi\u00e8me r\u00e9sulte d\u0027une erreur dans le service de gestion\n    Openwsman. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e afin d\u0027obtenir\n    les privil\u00e8ges administrateur (root) sur un h\u00f4te Linux.\n-   la quatri\u00e8me vuln\u00e9rabilit\u00e9 r\u00e9sulte de plusieurs erreurs aux limites\n    dans VMware VIX API, entra\u00eenant un certain nombre de possibilit\u00e9s de\n    d\u00e9bordement d\u0027allocation m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5671"
    },
    {
      "name": "CVE-2008-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2097"
    },
    {
      "name": "CVE-2008-2100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2100"
    },
    {
      "name": "CVE-2008-0967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0967"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-291",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits de\nvirtualisation VMware. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es en\nlocal afin de contourner la politique de s\u00e9curit\u00e9 ou d\u0027obtenir des\nprivil\u00e8ges \u00e9lev\u00e9s.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2008-0009 du 04 juin 2008",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    }
  ]
}

GHSA-W7JW-WHGF-5MGF

Vulnerability from github – Published: 2022-05-01 23:35 – Updated: 2022-05-01 23:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0967"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-06-05T20:32:00Z",
    "severity": "MODERATE"
  },
  "details": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.",
  "id": "GHSA-w7jw-whgf-5mgf",
  "modified": "2022-05-01T23:35:09Z",
  "published": "2022-05-01T23:35:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0967"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020198"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/29557"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-0967

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0967

Aliases

CVE-2008-0967

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0967",
    "description": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.",
    "id": "GSD-2008-0967"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0967"
      ],
      "details": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.",
      "id": "GSD-2008-0967",
      "modified": "2023-12-13T01:22:59.055215Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0967",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-201209-25",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "ADV-2008-1744",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1744"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
          },
          {
            "name": "29557",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/29557"
          },
          {
            "name": "oval:org.mitre.oval:def:4768",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
          },
          {
            "name": "30556",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30556"
          },
          {
            "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
          },
          {
            "name": "1020198",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1020198"
          },
          {
            "name": "vmware-vmwareauthd-privilege-escalation(42878)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
          },
          {
            "name": "oval:org.mitre.oval:def:5583",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
          },
          {
            "name": "3922",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3922"
          },
          {
            "name": "20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:esx_server:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:esx_server:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:esx_server:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0967"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
            },
            {
              "name": "1020198",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1020198"
            },
            {
              "name": "30556",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30556"
            },
            {
              "name": "3922",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3922"
            },
            {
              "name": "ADV-2008-1744",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1744"
            },
            {
              "name": "29557",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/29557"
            },
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            },
            {
              "name": "vmware-vmwareauthd-privilege-escalation(42878)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878"
            },
            {
              "name": "oval:org.mitre.oval:def:5583",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583"
            },
            {
              "name": "oval:org.mitre.oval:def:4768",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768"
            },
            {
              "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2008-06-05T20:32Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0967 (GCVE-0-2008-0967)

FKIE_CVE-2008-0967

CERTA-2008-AVI-291

Description

Solution

CERTA-2008-AVI-291

Description

Solution

GHSA-W7JW-WHGF-5MGF

GSD-2008-0967

Tags

Sightings

Nomenclature