Lucene search

K
vmwareVMwareVMSA-2008-0005
HistoryMar 17, 2008 - 12:00 a.m.

Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line

2008-03-1700:00:00
www.vmware.com
42

EPSS

0.301

Percentile

97.0%

a. Host to guest shared folder (HGFS) traversal vulnerability
On Windows hosts, if you have configured a VMware host to guest shared folder (HGFS), it is possible for a program running in the guest to gain access to the host’s file system and create or modify executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn’t use host to guest shared folders. No versions of ESX Server, including ESX Server 3i, are affected by this vulnerability. Because ESX Server is based on a bare-metal hypervisor architecture and not a hosted architecture, and it doesn’t include any shared folder abilities. Fusion and Linux based hosted products are unaffected.

VMware would like to thank CORE Security Technologies for working with us on this issue. This addresses advisory CORE-2007-0930.

The Common Vulnerabilities and exposures project (cve.mitre.org) has assigned the name CVE-2008-0923 to this issue.

Hosted products
---------------

VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846