Vulnerability Name: | CVE-2008-0923 (CCN-40837) |
Assigned: | 2008-02-25 |
Published: | 2008-02-25 |
Updated: | 2018-10-15 |
Summary: | Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
|
CVSS v3 Severity: | 8.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)Exploitability Metrics: | Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): High Availibility (A): Low |
|
CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 5.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:C)Exploitability Metrics: | Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None | Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete | 6.6 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:P) 5.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:P/E:POC/RL:W/RC:C)Exploitability Metrics: | Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Partial |
|
Vulnerability Type: | CWE-22
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2008-0923
Source: CCN Type: VMware Knowledge Base ID: 1004034 Critical VMware Security Alert for Windows-Hosted VMware Workstation, VMware Player, and VMware ACE
Source: CONFIRM Type: UNKNOWN http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034
Source: FULLDISC Type: UNKNOWN 20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation
Source: MLIST Type: UNKNOWN [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
Source: CCN Type: SA29117 VMware Products Shared Folders Directory Traversal Vulnerability
Source: SECUNIA Type: UNKNOWN 29117
Source: SREASON Type: UNKNOWN 3700
Source: CCN Type: SECTRACK ID: 1019493 VMware Shared Folder Bug Lets Local Users on the Guest OS Gain Elevated Privileges on the Host OS
Source: MISC Type: UNKNOWN http://www.coresecurity.com/?action=item&id=2129
Source: CCN Type: CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation
Source: CCN Type: OSVDB ID: 42333 VMware Multiple Products Shared Folders Host OS Encoded Traversal Arbitrary File Write
Source: BUGTRAQ Type: UNKNOWN 20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation
Source: BUGTRAQ Type: UNKNOWN 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
Source: BID Type: UNKNOWN 27944
Source: CCN Type: BID-27944 VMware Products Shared Folders 'MultiByteToWideChar()' Variant Directory Traversal Vulnerability
Source: BID Type: UNKNOWN 28276
Source: CCN Type: BID-28276 VMware Server 1.0.5 and Workstation 6.0.3 Multiple Vulnerabilities
Source: SECTRACK Type: UNKNOWN 1019493
Source: CCN Type: VMSA-2008-0005 Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line.
Source: CONFIRM Type: UNKNOWN http://www.vmware.com/security/advisories/VMSA-2008-0005.html
Source: CONFIRM Type: UNKNOWN http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Source: CONFIRM Type: UNKNOWN http://www.vmware.com/support/player/doc/releasenotes_player.html
Source: CONFIRM Type: UNKNOWN http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Source: CONFIRM Type: UNKNOWN http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Source: CONFIRM Type: UNKNOWN http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Source: VUPEN Type: UNKNOWN ADV-2008-0679
Source: VUPEN Type: UNKNOWN ADV-2008-0905
Source: XF Type: UNKNOWN vmware-sharedfolders-directory-traversal(40837)
Source: XF Type: UNKNOWN vmware-sharedfolders-directory-traversal(40837)
|
Vulnerable Configuration: | Configuration 1: cpe:/a:vmware:ace:1.0:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:1.0.2:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.0:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.0.1:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.0.2:*:*:*:*:*:*:*OR cpe:/a:vmware:player:1.0.4:*:*:*:*:*:*:*OR cpe:/a:vmware:vmware_player:1.0.1_build_19317:*:*:*:*:*:*:*OR cpe:/a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*OR cpe:/a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*OR cpe:/a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*OR cpe:/a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:4.5.2:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:5.5.4:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:* Configuration CCN 1: cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.0:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:1.0:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:4.5.2:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:5.5.4:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.0.1:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:2.0.2:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:6.0.1:*:*:*:*:*:*:*OR cpe:/a:vmware:workstation:6.0.2:*:*:*:*:*:*:*OR cpe:/a:vmware:ace:1.0.2:*:*:*:*:*:*:* Denotes that component is vulnerable |
BACK |