A VMware product installed on the remote host is affected by multiple vulnerabilities :
A CPU hardware emulation flaw in certain VMware products could allow a virtual CPU to incorrectly handle a Trap flag. Successful exploitation of this issue could lead to privilege escalation on the guest operating system. An attacker would need an account on the guest operating system and the ability to run applications to exploit this issue. (CVE-2008-4915)
By sending a malicious request from the guest operating system to the virtual hardware, it may be possible to cause the virtual hardware to write to an uncontrolled section in the physical memory. (CVE-2008-4917)
#
# (C) Tenable Network Security, Inc.
#
if ( NASL_LEVEL < 3000 ) exit(0);
include("compat.inc");
if (description)
{
script_id(34818);
script_version("1.20");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/27");
script_cve_id("CVE-2008-4915", "CVE-2008-4917");
script_bugtraq_id(32168, 32597);
script_xref(name:"VMSA", value:"2008-0018");
script_xref(name:"VMSA", value:"2008-0019");
script_xref(name:"Secunia", value:"32612");
script_name(english:"VMware Products Multiple Vulnerabilities (VMSA-2008-0018/VMSA-2008-0019)");
script_summary(english:"Checks versions of multiple VMware products");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application that is affected by multiple
vulnerabilities." );
script_set_attribute(attribute:"description", value:
"A VMware product installed on the remote host is affected by multiple
vulnerabilities :
- A CPU hardware emulation flaw in certain VMware
products could allow a virtual CPU to incorrectly
handle a Trap flag. Successful exploitation of this
issue could lead to privilege escalation on the guest
operating system. An attacker would need an account on
the guest operating system and the ability to run
applications to exploit this issue. (CVE-2008-4915)
- By sending a malicious request from the guest operating
system to the virtual hardware, it may be possible to
cause the virtual hardware to write to an uncontrolled
section in the physical memory. (CVE-2008-4917)" );
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2008-0018.html" );
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2008-0019.html" );
script_set_attribute(attribute:"solution", value:
"Upgrade to :
- VMware Workstation 6.5.0/5.5.9 or higher.
- VMware Player 2.5.0/1.0.9 or higher.
- VMware Server 1.0.8 or higher.
- VMware ACE 2.5.0/1.0.8 or higher." );
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-4917");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(264, 399);
script_set_attribute(attribute:"plugin_publication_date", value: "2008/11/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:ace");
script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:vmware_player");
script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:vmware_server");
script_set_attribute(attribute:"cpe",value:"cpe:/a:vmware:vmware_workstation");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2008-2024 Tenable Network Security, Inc.");
script_dependencies("vmware_workstation_detect.nasl","vmware_server_win_detect.nasl", "vmware_player_detect.nasl","vmware_ace_detect.nasl");
script_require_ports("VMware/Server/Version", "VMware/ACE/Version", "VMware/Player/Version", "Host/VMware Workstation/Version", 139, 445);
script_require_keys("SMB/Registry/Enumerated");
exit(0);
}
include("smb_func.inc");
var port = kb_smb_transport();
var report = "";
# Check for VMware ACE.
var version = get_kb_item("VMware/ACE/Version");
if (version)
{
var v = split(version, sep:".", keep:FALSE);
var i;
for (i=0; i<max_index(v); i++)
v[i] = int(v[i]);
if (( v[0] == 1 && v[1] == 0 && v[2] < 8 ) ||
( v[0] == 2 && v[1] < 5 )
)
{
if (report_verbosity)
{
report = strcat('\nVersion ', version,' of VMware ACE is installed on the remote host.\n');
security_warning(port:port, extra:report);
}
else
security_warning(port);
}
}
# Check for VMware Workstation
version = get_kb_item("Host/VMware Workstation/Version");
if (version)
{
v = split(version, sep:".", keep:FALSE);
for (i=0; i<max_index(v); i++)
v[i] = int(v[i]);
if (( v[0] < 5 ) ||
( v[0] == 5 && v[1] < 5 ) ||
( v[0] == 5 && v[1] == 5 && v[2] < 9 ) ||
( v[0] == 6 && v[1] < 5 )
)
{
if (report_verbosity)
{
report = strcat('\nVersion ', version,' of VMware Workstation is installed on the remote host.\n');
security_warning(port:port, extra:report);
}
else
security_warning(port);
}
exit(0);
}
# Check for VMware Server
version = get_kb_item("VMware/Server/Version");
if (version)
{
v = split(version, sep:".", keep:FALSE);
for (i=0; i<max_index(v); i++)
v[i] = int(v[i]);
if ( ( v[0] < 1 ) ||
( v[0] == 1 && v[1] == 0 && v[2] < 8 )
)
{
if (report_verbosity)
{
report = strcat('\nVersion ', version,' of VMware Server is installed on the remote host.\n');
security_warning(port:port, extra:report);
}
else
security_warning(port);
}
exit(0);
}
# Check for VMware Player
version = get_kb_item("VMware/Player/Version");
if (version)
{
v = split(version, sep:".", keep:FALSE);
for (i=0; i<max_index(v); i++)
v[i] = int(v[i]);
if ( ( v[0] < 1 ) ||
( v[0] == 1 && v[1] == 0 && v[2] < 9 ) ||
( v[0] == 2 && v[1] < 5 )
)
{
if (report_verbosity)
{
report = strcat('\nVersion ', version,' of VMware Player is installed on the remote host.\n');
security_warning(port:port, extra:report);
}
else
security_warning(port);
}
exit(0);
}
Vendor | Product | Version | CPE |
---|---|---|---|
vmware | vmware_player | cpe:/a:vmware:vmware_player | |
vmware | ace | cpe:/a:vmware:ace | |
vmware | vmware_server | cpe:/a:vmware:vmware_server | |
vmware | vmware_workstation | cpe:/a:vmware:vmware_workstation |