ID CVE-2008-1364
Summary Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.
References
Vulnerable Configurations
  • VMWare ACE 1.0
    cpe:2.3:a:vmware:ace:1.0
  • VMWare ACE 2.0
    cpe:2.3:a:vmware:ace:2.0
  • VMware Player 1.0.2
    cpe:2.3:a:vmware:player:1.0.2
  • VMware Player 1.0.3
    cpe:2.3:a:vmware:player:1.0.3
  • VMWare Player 1.0.4
    cpe:2.3:a:vmware:player:1.0.4
  • VMware Player 1.0.5
    cpe:2.3:a:vmware:player:1.0.5
  • VMWare Player 2.0
    cpe:2.3:a:vmware:player:2.0
  • VMware Player 2.0.1
    cpe:2.3:a:vmware:player:2.0.1
  • VMware Player 2.0.2
    cpe:2.3:a:vmware:player:2.0.2
  • VMWare Server 1.0.3
    cpe:2.3:a:vmware:server:1.0.3
  • cpe:2.3:a:vmware:vmware_server:1.0.2
    cpe:2.3:a:vmware:vmware_server:1.0.2
  • cpe:2.3:a:vmware:vmware_server:1.0.4
    cpe:2.3:a:vmware:vmware_server:1.0.4
  • cpe:2.3:a:vmware:vmware_workstation:5.5.5
    cpe:2.3:a:vmware:vmware_workstation:5.5.5
  • cpe:2.3:a:vmware:vmware_workstation:6.0.1
    cpe:2.3:a:vmware:vmware_workstation:6.0.1
  • cpe:2.3:a:vmware:vmware_workstation:6.0.2
    cpe:2.3:a:vmware:vmware_workstation:6.0.2
  • VMWare VMWare 5.5
    cpe:2.3:a:vmware:workstation:5.5
  • VMWare VMWare Workstation 5.5.3 build 34685
    cpe:2.3:a:vmware:workstation:5.5.3_build_34685
  • VMWare VMWare Workstation 5.5.3 build 42958
    cpe:2.3:a:vmware:workstation:5.5.3_build_42958
  • VMWare VMWare 5.5.4
    cpe:2.3:a:vmware:workstation:5.5.4
  • VMWare VMWare Workstation 5.5.4 build 44386
    cpe:2.3:a:vmware:workstation:5.5.4_build_44386
  • VMWare VMWare 6.0
    cpe:2.3:a:vmware:workstation:6.0
CVSS
Base: 7.8 (as of 20-03-2008 - 11:20)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-25.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-25 (VMware Player, Server, Workstation: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details. Impact : Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information. A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console. Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS). Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 62383
    published 2012-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62383
    title GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities
  • NASL family Windows
    NASL id VMWARE_MULTIPLE_VMSA_2008_0005.NASL
    description VMware products installed on the remote host are affected by multiple vulnerabilities : - The 'authd' process is affected by a privilege escalation vulnerability that could allow an attacker to execute arbitrary code with system level privileges or cause a denial of service condition. - A feature in VMware workstation version 6.0.2 could allow anonymous console access to guest host via VIX API, which could result in unauthorized access. This feature has been disabled in version 6.0.3. - Windows based VMware hosts are affected by a privilege escalation vulnerability. By manipulating 'config.ini' an attacker may be able to gain elevated privileges by hijacking the VMware VMX process. - Multiple VMware products are affected by a directory traversal vulnerability. If a Windows based VMware host is configured to allow shared access from a guest host to a folder on the Host system (HGFS), it may be possible to gain access to the Host file system from guest OS and create/modify arbitrary executable files. VMware Server is not affected by this vulnerability. - Multiple VMware products hosted on a Windows 2000 host are affected by a privilege escalation vulnerability. - Multiple VMware products are vulnerable to a potential denial of service attack.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 31729
    published 2008-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31729
    title VMware Products Multiple Vulnerabilities (VMSA-2008-0005)
refmap via4
bid
  • 28276
  • 28289
bugtraq 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
confirm
gentoo GLSA-201209-25
mlist [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
sectrack 1019623
sreason 3755
vupen ADV-2008-0905
xf vmware-dhcp-unspecified-dos(41254)
statements via4
contributor Mark J Cox
lastmodified 2008-06-03
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 14-05-2013 - 22:39
Published 19-03-2008 - 20:44
Last modified 11-10-2018 - 16:32
Back to Top