Multiple vulnerabilities have been identified in various VMware products, which could be exploited by attackers or malicious users to bypass security restrictions, cause a denial of service or take complete control of an affected system.
The first issue is caused by an unspecified memory corruption error that could allow a guest operating system user with administrative privileges to execute arbitrary code on the host system.
The second vulnerability is caused by an unspecified error that could allow a guest operating system user to cause a host process to become unresponsive or exit unexpectedly, creating a denial of service condition.
The third issue is caused by integer overflow and underflow errors in the DHCP server when processing malformed requests, which could be exploited by remote attackers to compromise an affected system.
The fourth vulnerability is caused by input validation errors in the "IntraProcessLogging.dll" and "vielib.dll" librairies, which could be exploited by attackers to overwrite arbitrary files.
The fifth issue is caused due to registered Windows services being started in an insecure manner, which could be exploited by malicious users to gain elevated privileges.
The sixth vulnerability is caused by an unspecified error that could prevent VMware Player from launching, leading to a denial of service condition.
Other security issues related to Samba, Bind, krb5, vixie-cron, shadow-utils, OpenLDAP, PAM, GCC and GDB have been addressed. For additional information, see : FrSIRT/ADV-2007-1805 - FrSIRT/ADV-2007-0349 - FrSIRT/ADV-2007-2337 - FrSIRT/ADV-2007-1412 - FrSIRT/ADV-2006-2006 - FrSIRT/ADV-2006-3824 - FrSIRT/ADV-2006-2866 - FrSIRT/ADV-2006-3433
Credits
Vulnerabilities reported by Rafal Wojtczvk (McAfee), Neel Mehta and Ryan Smith (ISS X-Force), Goodfellas Security Research Team and Foundstone.
ChangeLog
2007-09-20 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
