Vulnerability Name:

CVE-2007-5671 (CCN-38712)

Assigned:2007-11-23
Published:2007-11-23
Updated:2018-10-30
Summary:HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.6 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2007-5671

Source: IDEFENSE
Type: UNKNOWN
20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability

Source: CCN
Type: SA30556
VMware Products Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
30556

Source: GENTOO
Type: UNKNOWN
GLSA-201209-25

Source: SREASON
Type: UNKNOWN
3922

Source: CCN
Type: SECTRACK ID: 1020197
VMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1020197

Source: CCN
Type: OSVDB ID: 46205
VMware Multiple Products HGFS.sys user-mode METHOD_NEITHER IOCTLs Local Privilege Escalation

Source: CCN
Type: Sebug Web site: BESE2007112602
VMware Tools hgfs.sys Local Privilege Escalation Vulnerability Exploit

Source: BUGTRAQ
Type: UNKNOWN
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

Source: BUGTRAQ
Type: UNKNOWN
20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability

Source: CCN
Type: BID-26556
VMware Tools HGFS.Sys Local Privilege Escalation Vulnerability

Source: CCN
Type: VMware, Inc. Web site
Vmware Tools

Source: CCN
Type: VMSA-2008-0009
Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0009.html

Source: VUPEN
Type: UNKNOWN
ADV-2008-1744

Source: XF
Type: UNKNOWN
vmware-tools-hgfs-privilege-escalation(38712)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5358

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5688

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vmware:ace:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:player:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5358
    V
    		VMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain Elevated Privileges
    2010-05-17
    oval:org.mitre.oval:def:5688
    V
    		VMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain Elevated Privileges
    2010-05-17
    BACK
    vmware ace 1.0.0
    vmware ace 1.0.1
    vmware ace 1.0.2
    vmware ace 1.0.3
    vmware ace 1.0.4
    vmware esx server 2.5.5
    vmware player 1.0.4
    vmware server 1.0.3
    vmware vmware player 1.0.0
    vmware vmware player 1.0.1
    vmware vmware player 1.0.2
    vmware vmware player 1.0.3
    vmware vmware player 1.0.5
    vmware vmware server 1.0.0
    vmware vmware server 1.0.1
    vmware vmware server 1.0.2
    vmware vmware server 1.0.4
    vmware vmware workstation 5.5.0
    vmware vmware workstation 5.5.2
    vmware vmware workstation 5.5.5
    vmware workstation 5.5.1
    vmware workstation 5.5.3
    vmware workstation 5.5.4
    vmware esx 2.5.4
    vmware esx 3.0.0
    vmware esx 3.0.1
    vmware esx 3.0.2
    vmware workstation 5.5.1
    vmware esx server 2.5.5
    vmware ace 1.0
    vmware ace 1.0.3
    vmware server 1.0.3
    vmware workstation 5.5.3
    vmware workstation 5.5.4
    vmware server 1.0
    vmware workstation 5.5.0
    vmware workstation 5.5.2
    vmware workstation 5.5.5
    vmware ace 1.0.1
    vmware ace 1.0.2
    vmware ace 1.0.4
    vmware server 1.0.1
    vmware server 1.0.2
    vmware server 1.0.4