In association with heise online

07 November 2008, 10:07

Flaw in VMware's CPU emulation allows privilege elevation

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

VMware has released updates for several of its products to solve two security problems. According to the vendor, the CPU hardware emulation contains a bug which causes trap flags to be processed incorrectly. The report says attackers could exploit this to elevate their privileges in guest systems. No further details were given.

While all product lines are generally affected, the flaw is no longer contained in the current Workstation and Player versions. All of the ESX and ESXi servers are still vulnerable. In addition, ESXi 3.5 and ESX 3.5 contain a directory traversal hole. The patches for the respective versions can be found in the vendor's original report.

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-738031
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit