Bug 297367 (CVE-2009-2267) - <app-emulation/vmware-{workstation-6.5.3,player-2.5.3,server-1.0.10.203137,server-2.0.2.23138} privilege escalation (CVE-2009-{2267,3707,3733})
Status: RESOLVED FIXED
Alias: CVE-2009-2267
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://www.vmware.com/security/adviso...
Whiteboard: B1 [glsa]
Reported: 2009-12-18 00:41 UTC by Stefan Behte (RETIRED)
Modified: 2012-09-29 16:26 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-12-18 00:41:06 UTC
CVE-2009-2267 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2267):
  VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player
  2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build
  185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before
  2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839,
  VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0,
  when Virtual-8086 mode is used, do not properly set the exception
  code upon a page fault (aka #PF) exception, which allows guest OS
  users to gain privileges on the guest OS by specifying a crafted
  value for the cs register.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-12-18 00:43:26 UTC
I think we only need an ebuild for the stable series of vmware-server, 1.0.10.203137.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-12-18 01:29:28 UTC
CVE-2009-3707 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3707):
  VMware Authentication Daemon 1.0 in vmware-authd.exe 6.5.3.8888 in
  the VMware Authorization Service 2.5.3 and earlier in VMware
  Workstation 6.5.3 build 185404, VMware Player 2.5.2 build 156735 and
  2.5.3 build 185404, and VMware ACE 2.5.3 allows remote attackers to
  cause a denial of service (process crash) via a \x25\xFF sequence in
  the USER and PASS commands, related to a "format string DoS" issue. 
  NOTE: some of these details are obtained from third party information.

CVE-2009-3733 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3733):
  Directory traversal vulnerability in VMware Server 1.x before 1.0.10
  build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi
  3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read
  arbitrary files via unspecified vectors.

Comment 3 Vadim Kuznetsov (RETIRED) gentoo-dev 2009-12-18 16:17:14 UTC
(In reply to comment #1)
> I think we only need an ebuild for the stable series of vmware-server,
> 1.0.10.203137.
> 

*vmware-server-1.0.10.203137 (18 Dec 2009)

  18 Dec 2009; Vadim Kuznetsov <vadimk@gentoo.org>
  +vmware-server-1.0.10.203137.ebuild:
  Bug 297367


I have not run it nor tested it.

Thanks.
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2010-01-04 17:04:23 UTC
Hi Vadim, is this ok for stabilization now?
Comment 5 Vadim Kuznetsov (RETIRED) gentoo-dev 2010-01-11 13:45:09 UTC
(In reply to comment #4)
> Hi Vadim, is this ok for stabilization now?
 
I will try to find hardware and time to test it this week before I say yes or no.
I had no luck last week. :( 
I have not invested much effort into vmware server 1, though. Any help is welcome!

Thanks.
Comment 6 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 20:34:07 UTC
Can it go stable now?
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2011-12-15 12:46:53 UTC
Vulnerable versions have been removed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-09-29 16:26:28 UTC
This issue was resolved and addressed in
 GLSA 201209-25 at http://security.gentoo.org/glsa/glsa-201209-25.xml
by GLSA coordinator Sean Amoss (ackle).