43897 : VMware Multiple Products Application Data Folder config.ini Handling Local Privilege Escalation
Printer | http://osvdb.org/43897 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

6 months ago

Percent Complete

60%

Disclosure

Mar 17, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

VMware Server contains a flaw that may allow a malicious local user to gain access to unauthorized privileges. The issue is triggered when 'authd' connects to opened pipes controled by the attacker occurs. This flaw may lead to a loss of Confidentiality and Integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity

Products

VMware, Inc.	Server	1.0.4
		0.x

References

Security Tracker: 1019622
CVE ID: 2008-1363 (see also: NVD)
Bugtraq ID: 28276
ISS X-Force ID: 41252
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-03/0252.html
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
Vendor Specific News/Changelog Entry: http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

Tools & Filters

Nessus	31729

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Products

VMware, Inc.

Server

References

Tools & Filters

Credit

Blogs

Comments