VMCI/HGFS VmWare Code Execution Vulnerability (Windows)

VMware Code Execution Vulnerability in Window

Reporter	Title	Published	Views	Family All 25
CVE	CVE-2008-2098	2 Jun 200814:00	–	cve
CVE	CVE-2008-2099	2 Jun 200814:00	–	cve
Cvelist	CVE-2008-2098	2 Jun 200814:00	–	cvelist
Cvelist	CVE-2008-2099	2 Jun 200814:00	–	cvelist
EUVD	EUVD-2008-2095	7 Oct 202500:30	–	euvd
EUVD	EUVD-2008-2096	7 Oct 202500:30	–	euvd
Tenable Nessus	GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities	1 Oct 201200:00	–	nessus
Tenable Nessus	VMware Products Multiple Vulnerabilities (VMSA-2008-0008)	3 Jun 200800:00	–	nessus
Gentoo Linux	VMware Player, Server, Workstation: Multiple vulnerabilities	29 Sep 201200:00	–	gentoo
NVD	CVE-2008-2098	2 Jun 200821:30	–	nvd

Source	Link
vmware	www.vmware.com/security/advisories/VMSA-2008-0008.html
secunia	www.secunia.com/advisories/30476/

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_vmware_prdts_mult_vuln_win.nasl 6518 2017-07-04 13:49:06Z cfischer $
#
# VMCI/HGFS VmWare Code Execution Vulnerability (Windows)
#
# Authors:
# Chandan S <[email protected]>
#
# Copyright:
# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation allow attackers to execute arbitrary code
  on the affected system and users could bypass certain security restrictions
  or can gain escalated privileges.
  Impact Level : System";

tag_insight = "VMCI is an optional feature that allows communication with one another.
  This vulnerability allows the guest systems to execute arbitrary code on
  the host in the context of vmx process. The issue affects Windows based
  VMWare hosts only.

  VMware Host Guest File System (HGFS) shared folders feature allows users
  to transfer data between a guest operating system and the host operating
  system. A heap buffer overflow exists in VMware HGFS which allows guest
  system to execute code in the context of vmx process on the host.
  The issue exists only when VMWare system has shared folder enabled.

  Successful exploitation requires that the vix.inGuest.enable configuration
  value is enabled";

tag_solution = "Upgrade VMware to below versions,
  VMware Workstation 6.0.4 or later.
  www.vmware.com/download/ws/

  VMware Player/ACE 2.0.4 or later.
  www.vmware.com/download/player/
  www.vmware.com/download/ace/";


tag_summary = "The host is installed with VMWare product(s) that are vulnerable
  to arbitrary code execution.";

tag_affected = "VMware ACE/Player 2.0.x - 2.0.3 on all Windows
  VMware Workstation 6.0.x - 6.0.3 on all Windows";

if(description)
{
  script_id(800002);
  script_version("$Revision: 6518 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-04 15:49:06 +0200 (Tue, 04 Jul 2017) $");
  script_tag(name:"creation_date", value:"2008-09-25 10:10:31 +0200 (Thu, 25 Sep 2008)");
  script_tag(name:"cvss_base", value:"6.9");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_cve_id("CVE-2008-2098", "CVE-2008-2099");
  script_bugtraq_id(29443);
  script_xref(name:"CB-A", value:"08-0087:");
  script_name("VMCI/HGFS VmWare Code Execution Vulnerability (Windows)");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/30476/");
  script_xref(name : "URL" , value : "http://www.vmware.com/security/advisories/VMSA-2008-0008.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 Greenbone Networks GmbH");
  script_family("Buffer overflow");
  script_dependencies("gb_vmware_prdts_detect_win.nasl");
  script_mandatory_keys("VMware/Win/Installed");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


if(!get_kb_item("VMware/Win/Installed")){ # Is VMWare installed?
  exit(0);
}

# VMware Player
vmplayerVer = get_kb_item("VMware/Player/Win/Ver");
if(vmplayerVer)
{
  if(ereg(pattern:"^(2\.0\.[0-3])($|\..*)", string:vmplayerVer)){
    security_message(0);
  }
  exit(0);
}

# VMware Workstation
vmworkstnVer = get_kb_item("VMware/Workstation/Win/Ver");
if(vmworkstnVer)
{
  if(ereg(pattern:"^6\.0(\.[0-3])?$", string:vmworkstnVer)){
    security_message(0);
  }
  exit(0);
}

# VMware ACE
vmaceVer = get_kb_item("VMware/ACE/Win/Ver");
if(!vmaceVer){
  vmaceVer = get_kb_item("VMware/ACE\Dormant/Win/Ver");
}

if(vmaceVer)
{
  if(ereg(pattern:"^2\.0(\.[0-3])?$", string:vmaceVer)){
    security_message(0);
  }
}

04 Jul 2017 00:00Current

0.4Low risk

Vulners AI Score0.4

EPSS0.00099