GSD-2008-1362
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2008-1362",
"description": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an \"insecurely created named pipe,\" a different vulnerability than CVE-2008-1361.",
"id": "GSD-2008-1362"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2008-1362"
],
"details": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an \"insecurely created named pipe,\" a different vulnerability than CVE-2008-1361.",
"id": "GSD-2008-1362",
"modified": "2023-12-13T01:23:03.124829Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an \"insecurely created named pipe,\" a different vulnerability than CVE-2008-1361."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-namedpipes-privilege-escalation(41259)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1362"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an \"insecurely created named pipe,\" a different vulnerability than CVE-2008-1361."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "28276",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"name": "1019621",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "3755",
"refsource": "SREASON",
"tags": [],
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-namedpipes-privilege-escalation(41259)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-11T20:32Z",
"publishedDate": "2008-03-20T00:44Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…