Rapid7 Vulnerability & Exploit Database

VMware Player: Privilege escalation on 64-bit guest operating systems (VMSA-2008-0016) (CVE-2008-4279)

Back to Search

VMware Player: Privilege escalation on 64-bit guest operating systems (VMSA-2008-0016) (CVE-2008-4279)

Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
10/06/2008
Created
07/25/2018
Added
11/30/2013
Modified
02/13/2015

Description

The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.

Solution(s)

  • vmware-player-upgrade-1_0_8
  • vmware-player-upgrade-2_0_5

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;