GLSA
Veteran
Joined: 12 May 2004
Posts: 1303
|
 Posted: Sat Jan 07, 2006 9:26 pm Post subject: [ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT |
 |
|
Gentoo Linux Security Advisory
Title: VMware Workstation: Vulnerability in NAT networking (GLSA 200601-04)
Severity: high
Exploitable: remote and local
Date: January 07, 2006
Updated: May 25, 2006
Bug(s): #116238
ID: 200601-04
Synopsis
VMware guest operating systems can execute arbitrary code with elevated privileges on the host operating system through a flaw in NAT networking.
Background
VMware Workstation is a powerful virtual machine for developers and system administrators.
Affected Packages
Package: app-emulation/vmware-workstation
Vulnerable: < 5.5.1.19175
Unaffected: >= 5.5.1.19175
Unaffected: >= 4.5.3.19414 < 4.5.3.19415
Unaffected: >= 3.2.1.2242-r10 < 3.2.1.2243
Architectures: All supported architectures
Description
Tim Shelton discovered that vmnet-natd, the host module providing NAT-style networking for VMware guest operating systems, is unable to process incorrect 'EPRT' and 'PORT' FTP requests.
Impact
Malicious guest operating systems using the NAT networking feature or local VMware Workstation users could exploit this vulnerability to execute arbitrary code on the host system with elevated privileges.
Workaround
Disable the NAT service by following the instructions at http://www.vmware.com/support/kb , Answer ID 2002.
Resolution
All VMware Workstation users should upgrade to a fixed version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose app-emulation/vmware-workstation |
References
CVE-2005-4459
VMware Security Response
Last edited by GLSA on Mon Jul 24, 2006 4:19 am; edited 4 times in total |
|
News & Announcements
