VMware Workstation GPF denial of service

vmware-gpf-dos (33994)

Low Risk

Description:

VMware Workstation is vulnerable to a denial of service, caused by an unspecified vulnerability in general protection faults (GPFs) in Windows guest operating systems. A local attacker could exploit this vulnerability to crash the virtual machine.

Platforms Affected:

• VMware, Workstation 5.5.0
• VMware, Workstation 5.5.1
• VMware, Workstation 5.5.2
• VMware, Workstation 5.5.3

Remedy:

Upgrade to the latest version of VMware Workstation (5.5.4 Build 44386 or later), available from the VMware Workstation Web site. See References.

For VMware Server:
Upgrade to the latest version of VMware Server (1.0.3 Build 44356 or later), available from the VMware Web site. See References.

For VMware Player:
Upgrade to the latest version of VMware Player (1.0.4 Build 44386 or later), available from the VMware Web site. See References.

For VMware ACE:
Upgrade to the latest version of VMware ACE (1.0.3 Build 44385 or later), available from the VMware Web site. See References.

Consequences:

Denial of Service

References:

• Full-Disclosure Mailing List, Mon May 07 2007 - 17:51:22 CDT, VMSA-2007-0004 Multiple Denial-of-Service issues fixed at http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0097.html.
• VMware Workstation 5.5 Release Notes, New in Version 5.5.4 at http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554.
• VMware Workstation Web site, VMware Workstation Documentation at http://www.vmware.com/support/pubs/ws_pubs.html.
• BID-23732: VMware Multiple Denial Of Service Vulnerabilities
• CVE-2007-1069: The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).
• FrSIRT/ADV-2007-1592: VMware Products Multiple Remote Denial of Service and Security Bypass Vulnerabilities
• SA25079: VMware Products Multiple Vulnerabilities
• SECTRACK ID: 1018011: VMware Bugs Let Local Users Deny Service

Reported:

Apr 27, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page