EvilOctal Information Security Team Technical Discussion Group's Archiver

ring04h 2008-3-18 15:39

[Repost] VMware Workstation Multiple Vulnerabilities

Source: EvilOctal Information Security Team ([url=http://www.eviloctal.com]www.eviloctal.com[/url])

[table=98%][tr][td][b]Secunia Advisory:[/b][/td][td]SA29413[/td][/tr]
[tr][td][b]Release Date:[/b][/td][td]2008-03-17[/td][/tr]
[tr][td][b]Critical:[/b][/td][td][url=http://secunia.com/about_secunia_advisories/]Less critical[/url][/td][/tr]
[tr][td][b]Impact:[/b][/td][td]Privilege escalation, DoS[/td][/tr]
[tr][td][b]Where:[/b][/td][td]From remote[/td][/tr]
[tr][td][b]Solution Status:[/b][/td][td]Vendor Patch[/td][/tr]
[tr][td][b]Software:[/b][/td][td][url=http://secunia.com/product/14321/]VMware Workstation 6.x[/url][/td][/tr]
[tr][td][b]CVE reference:[/b][/td][td][url=http://secunia.com/cve_reference/CVE-2006-2940/]CVE-2006-2940[/url] (Secunia mirror), [url=http://secunia.com/cve_reference/CVE-2006-2937/]CVE-2006-2937[/url] (Secunia mirror), [url=http://secunia.com/cve_reference/CVE-2006-4343/]CVE-2006-4343[/url] (Secunia mirror)[/td][/tr]
[tr][td=3,1]
[b]Description[/b]:
Some vulnerabilities have been reported in VMware Server, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to cause a DoS (Denial of Service).

1) A vulnerability in "authd" can be exploited by malicious, local users to gain escalated privileges.

For more information:
[url=http://secunia.com/SA22130/]SA22130[/url]

2) Some vulnerabilities in OpenSSL can potentially be exploited by malicious people to cause a DoS.

For more information:
[url=http://secunia.com/SA29412/]SA29412[/url]

The vulnerabilities are reported in versions prior to 6.0.3.

[b]Solution[/b]:
Update to version 6.0.3.

[b]Provided and/or discovered by[/b]:
Reported by the vendor.

[b]Original Advisory[/b]:
[url=http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html]http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html[/url]

[b]Other References[/b]:
SA22130:
[url=http://secunia.com/advisories/22130/]http://secunia.com/advisories/22130/[/url]

SA29412:
[url=http://secunia.com/advisories/29412/]http://secunia.com/advisories/29412/[/url]


[table=98%][tr][td][i]Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.[/i][/td][/tr]
[tr][td][b]4 Related Secunia Security Advisories[/b][/td][/tr]
[tr][td]1. [url=http://secunia.com/advisories/29117/]VMware Products Shared Folders Directory Traversal Vulnerability[/url][/td][/tr]
[tr][td]2. [url=http://secunia.com/advisories/26890/]VMWare Products Multiple Vulnerabilities[/url][/td][/tr]
[tr][td]3. [url=http://secunia.com/advisories/25079/]VMware Products Multiple Vulnerabilities[/url][/td][/tr]
[tr][td]4. [url=http://secunia.com/advisories/21120/]VMware vmware-config.pl Insecure SSL Key File Permissions[/url][/td][/tr][/table]

[/td][/tr][/table]

[[i] This post was last edited by ring04h on 2008-3-18 15:40 [/i]]

© 1999-2008 EvilOctal Security Team