ID CVE-2008-4914
Summary Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local administrators to cause a denial of service (host crash) via a snapshot with a malformed VMDK delta disk.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:esx:3.5
    cpe:2.3:a:vmware:esx:3.5
  • cpe:2.3:a:vmware:esxi:3.5
    cpe:2.3:a:vmware:esxi:3.5
CVSS
Base: 4.7 (as of 03-02-2009 - 14:36)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
NASL family VMware ESX Local Security Checks
NASL id VMWARE_VMSA-2009-0001.NASL
description a. Loading a corrupt delta disk may cause ESX to crash If the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded. VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt VMDK delta file cannot be used to crash ESX hosts. A corrupt VMDK delta disk, or virtual machine would have to be loaded by an administrator. VMware would like to thank Craig Marshall for reporting this issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4914 to this issue. b. Updated Service Console package net-snmp Net-SNMP is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially- crafted request could cause the snmpd server to crash. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4309 to this issue. c. Updated Service Console package libxml2 An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4226 to this issue. A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4225 to this issue.
last seen 2019-02-21
modified 2018-08-06
plugin id 40387
published 2009-07-27
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=40387
title VMSA-2009-0001 : ESX patches address an issue loading corrupt virtual disks and update Service Console packages
oval via4
accepted 2010-05-17T04:00:08.222-04:00
class vulnerability
contributors
  • name Michael Wood
    organization Hewlett-Packard
  • name Michael Wood
    organization Hewlett-Packard
  • name J. Daniel Brown
    organization DTCC
definition_extensions
  • comment VMWare ESX Server 3.0.3 is installed
    oval oval:org.mitre.oval:def:6026
  • comment VMWare ESX Server 3.0.2 is installed
    oval oval:org.mitre.oval:def:5613
  • comment VMware ESX Server 3.5.0 is installed
    oval oval:org.mitre.oval:def:5887
description Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local administrators to cause a denial of service (host crash) via a snapshot with a malformed VMDK delta disk.
family unix
id oval:org.mitre.oval:def:5909
status accepted
submitted 2009-09-23T15:39:02.000-04:00
title VMware ESX Server VMDK Delta Disk Processing Lets Local Administrative Users Deny Service
version 5
refmap via4
bid 33549
confirm http://www.vmware.com/security/advisories/VMSA-2009-0001.html
sectrack 1021654
secunia 33776
vupen ADV-2009-0301
Last major update 07-03-2011 - 22:13
Published 03-02-2009 - 14:30
Last modified 28-09-2017 - 21:32
Back to Top