Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2007-5671: VMware Player, Server, Workstation: Multiple vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Gentoo Linux: CVE-2007-5671: VMware Player, Server, Workstation: Multiple vulnerabilities

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

06/05/2008

Created

07/25/2018

Added

10/30/2017

Modified

10/30/2017

Description

HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.

Solution(s)

gentoo-linux-upgrade-app-emulation-vmware-player
gentoo-linux-upgrade-app-emulation-vmware-server
gentoo-linux-upgrade-app-emulation-vmware-workstation

References

https://attackerkb.com/topics/cve-2007-5671
CVE - 2007-5671
201209-25
OVAL5358
OVAL5688

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;