ISS X-Force Database: vmware-windebugging-unspecified(33993): VMware Workstation Windows guest debugging unspecified

VMware Workstation Windows guest debugging unspecified

vmware-windebugging-unspecified (33993)

Medium Risk

Description:

An unspecified vulnerability in VMware Workstation related to 64-bit Windows guest operating system debugging has an unknown impact and local attack vector.

Platforms Affected:

VMware, Workstation 5.5.0
VMware, Workstation 5.5.1
VMware, Workstation 5.5.2
VMware, Workstation 5.5.3

Remedy:

Upgrade to the latest version of VMware Workstation (5.5.4 Build 44386 or later), available from the VMware Workstation Web site. See References.

For VMware Server:
Upgrade to the latest version of VMware Server (1.0.3 Build 44356 or later), available from the VMware Web site. See References.

For VMware Player:
Upgrade to the latest version of VMware Player (1.0.4 Build 44386 or later), available from the VMware Web site. See References.

For VMware ACE:
Upgrade to the latest version of VMware ACE (1.0.3 Build 44385 or later), available from the VMware Web site. See References.

Consequences:

Other

References:

Full-Disclosure Mailing List, Mon May 07 2007 - 17:51:22 CDT, VMSA-2007-0004 Multiple Denial-of-Service issues fixed at http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0097.html.
VMware Workstation 5.5 Release Notes, New in Version 5.5.4 at http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554.
VMware Workstation Web site, VMware Workstation Documentation at http://www.vmware.com/support/pubs/ws_pubs.html.
BID-23732: VMware Multiple Denial Of Service Vulnerabilities
CVE-2007-1876: VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to corrupt the virtual machines register context by debugging a local program and stepping into a syscall instruction.
SA25079: VMware Products Multiple Vulnerabilities
SECTRACK ID: 1018011: VMware Bugs Let Local Users Deny Service
VUPEN/ADV-2007-1592: VMware Products Multiple Remote Denial of Service and Security Bypass Vulnerabilities

Reported:

Apr 27, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page