Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [SA18162] VMware NAT Networking Buffer Overflow Vulnerability
>
>
> TITLE:
> VMware NAT Networking Buffer Overflow Vulnerability
>
> SECUNIA ADVISORY ID:
> SA18162
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/18162/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> System access
>
> WHERE:
> From local network
>
> SOFTWARE:
> VMware Workstation 5.x
> http://secunia.com/product/5080/
> VMware Workstation 4.x
> http://secunia.com/product/1445/
> VMware ACE 1.x
> http://secunia.com/product/6593/
> VMware GSX Server 1.x
> http://secunia.com/product/1443/
> VMware GSX Server 2.x
> http://secunia.com/product/1439/
> VMware GSX Server 3.x
> http://secunia.com/product/3315/
> VMware Player 1.x
> http://secunia.com/product/6594/
> VMware Workstation 2.x
> http://secunia.com/product/1442/
> VMware Workstation 3.x
> http://secunia.com/product/1441/
>
> DESCRIPTION:
> Tim Shelton has reported a vulnerability in VMware, which potentially
> can be exploited by malicious people to compromise a user's system.
>
> The vulnerability is caused due to an error in "vmnat.exe" (Windows)
> and "vmnet-natd" (Linux) when handling certain FTP requests. This can
> be exploited to cause a heap-based buffer overflow via specially
> crafted "eprt" and "port" FTP requests sent from the guest OS.
>
> Successful exploitation allows arbitrary code execution on the host
> OS, but requires that NAT networking is enabled on the virtual
> machine.
>
> The vulnerability has been reported in the following products:
> * VMware Workstation 5.5 and prior.
> * VMware GSX Server 3.2 and prior.
> * VMware ACE 1.0.1 and prior.
> * VMware Player 1.0 and prior.
>
> SOLUTION:
> Update to the latest versions.
> http://www.vmware.com/download
>
> Alternatively, disable NAT networking on the virtual machine.
> http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2002
>
> PROVIDED AND/OR DISCOVERED BY:
> Tim Shelton
>
> ORIGINAL ADVISORY:
> VMware:
> http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000
>
> Tim Shelton:
> http://lists.grok.org.uk/pipermail/full-disclosure/2005-Decemb
> er/040442.html
>
> ----------------------------------------------------------------------
|