Oval Definition:	oval:org.mitre.oval:def:5688
Revision Date: 2010-05-17 Version: 3 Title: VMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain Elevated Privileges Description: HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2007-5671 Platform(s): VMWare ESX Server 2 VMWare ESX Server 3 Product(s): Definition Synopsis VMWare ESX Server 3.0.2 meets CVE-2007-5671 VMWare ESX Server 3.0.2 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004727 is not installed OR Patch ESX-1004821 is not installed OR Patch ESX-1004216 is not installed OR Patch ESX-1004726 is not installed OR Patch ESX-1004722 is not installed OR Patch ESX-1004724 is not installed OR Patch ESX-1004719 is not installed OR Patch ESX-1004219 is not installed OR VMWare ESX Server 3.0.1 meets CVE-2007-5671 VMWare ESX Server 3.0.1 is installed AND All patches must be installed to not be vulnerable Patch ESX-1004186 is not installed OR Patch ESX-1004728 is not installed OR Patch ESX-1004725 is not installed OR Patch ESX-1004721 is not installed OR Patch ESX-1004723 is not installed OR Patch ESX-1004190 is not installed OR Patch ESX-1004189 is not installed OR VMWare ESX Server 2.5.5 meets CVE-2007-5671 VMWare ESX Server 2.5.5 build 57619 or higher is installed AND VMWare ESX Server 2.5.5 upgrade patch 8 is not installed OR VMWare ESX Server 2.5.4 meets CVE-2007-5671 VMWare ESX Server 2.5.4 build 32233 or higher is installed AND VMWare ESX Server 2.5.4 upgrade patch 19 is not installed
BACK