VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2

2008-12-0200:00:00

www.vmware.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.086 Low

EPSS

Percentile

94.5%

JSON

a. Critical Memory corruption vulnerabilityA memory corruption condition may occur in the virtual machinehardware. A malicious request sent from the guest operatingsystem to the virtual hardware may cause the virtual hardware towrite to uncontrolled physical memory.VMware would like to thank Andrew Honig of the Department ofDefense for reporting this issue.The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2008-4917 to this issue.The following table lists what action remediates the vulnerability(column 4) if a solution is available.

CPENameOperatorVersion
workstationlt6.5.0 build 118166
workstationlt5.5.9 build 126128
playerlt2.5.0 build 118166
playerlt1.0.9 build 126128
acelt2.5.0 build 118166
acelt1.0.8 build 125922
serverlt1.0.8 build 126538
esxiltESX350-200811401-O-SG
esxltESX350-200811401-SG
esxltESX303-200811401-BG

Name	Operator	Version
workstation	lt	6.5.0 build 118166
workstation	lt	5.5.9 build 126128
player	lt	2.5.0 build 118166
player	lt	1.0.9 build 126128
ace	lt	2.5.0 build 118166
ace	lt	1.0.8 build 125922
server	lt	1.0.8 build 126538
esxi	lt	ESX350-200811401-O-SG
esx	lt	ESX350-200811401-SG
esx	lt	ESX303-200811401-BG