Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 176678
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 176678 depends on: 176647 Show dependency tree
Bug 176678 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-05-01 12:41 0000 
Description:
Some vulnerabilities have been reported in VMware Workstation, which can be
exploited by malicious users to cause a DoS (Denial of Service) or bypass
certain security restrictions.

 1) An error exists within the ACPI implementation of the virtual machine
process (VMX) when collecting information about running states of virtual
machines, which can be exploited to cause the process to read from invalid
memory locations.

 2) An unspecified error exists within the VMX when storing certain malformed
configuration data, which can be exploited to cause a DoS of guest operating
systems.

 3) An unspecified error within the handling of general protection faults
(GPFs) in Windows guest operating systems can be exploited to crash Windows
virtual machines.

 4) Unspecified errors when debugging applications in a 64-bit Windows guest
operating system on a 64-bit host system can be exploited to e.g. cause
corrupted stack pointers or kernel bugchecks.

 5) A design error within the "Shared Folders" feature can be exploited in a
guest system to read and write arbitrary files on a host system.

 Successful exploitation requires that at least one folder is shared. In order
to write to host files, the "read only" option of the shared folder has to be
disabled.

Solution:
Update to VMware Workstation 5.5.4, Build 44386.

------- Comment #1 From Sune Kloppenborg Jeppesen 2007-05-08 06:15:43 0000 ------- 
vmware please advise and bump as necessary.

------- Comment #2 From Chris Gianelloni (RETIRED) 2007-05-09 20:17:17 0000 ------- 
Sorry, I'm semi-away.  I'll get to this one tomorrow.

------- Comment #3 From Patrizio Bassi 2007-05-11 08:07:36 0000 ------- 
Chris seems Vmware 6 is out.

take a look, you may bump to 6.0 directly :)

------- Comment #4 From Chris Gianelloni (RETIRED) 2007-05-14 18:49:55 0000 ------- 
I don't want 6 going stable directly.  I apologize.  I have the new 5.5.4 in my
overlay.  I am adding it to the VMware overlay and if I don't get any bad
regressions will throw it into the tree this evening.

------- Comment #5 From Chris Gianelloni (RETIRED) 2007-05-15 01:48:46 0000 ------- 
OK.  I added 5.5.4 to the tree.

------- Comment #6 From Sune Kloppenborg Jeppesen 2007-05-15 06:44:36 0000 ------- 
This one is ready for GLSA vote. I tend to vote NO.

------- Comment #7 From Christian Faulhammer 2007-05-15 07:05:58 0000 ------- 
(In reply to comment #6)
> This one is ready for GLSA vote. I tend to vote NO.

 I wonder why the arches are cced then.  Removing amd64 and x86

------- Comment #8 From Daniel Black 2007-05-19 23:16:31 0000 ------- 
voting no

------- Comment #9 From Matt Drew 2007-05-20 11:48:27 0000 ------- 
I also vote no - nothing really to see here.

------- Comment #10 From Sune Kloppenborg Jeppesen 2007-05-20 11:56:07 0000 ------- 
Closing with NO GLSA.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug