| Vulnerability Name: | CVE-2008-4279 (CCN-45668) | ||||||||
| Assigned: | 2008-10-03 | ||||||||
| Published: | 2008-10-03 | ||||||||
| Updated: | 2018-11-02 | ||||||||
| Summary: | The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C) 5.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-4279 Source: FULLDISC Type: Third Party Advisory 20081004 VMware Emulation Flaw x64 Guest Privilege Escalation (1/2) Source: BUGTRAQ Type: Mailing List, Third Party Advisory 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and Source: CCN Type: SA32157 VMware ESX / ESXi "JMP" Privilege Escalation Vulnerability Source: SECUNIA Type: Third Party Advisory 32157 Source: CCN Type: SA32179 VMware VirtualCenter Multiple Vulnerabilities Source: SECUNIA Type: Third Party Advisory 32179 Source: CCN Type: SA32180 VMware ESX Server Sun Java JDK / JRE Multiple Vulnerabilities Source: SECUNIA Type: Third Party Advisory 32180 Source: CCN Type: SECTRACK ID: 1020991 VMware 64-bit Hardware Emulation Bug Lets Local Users Gain Elevated Privileges Source: CCN Type: OSVDB ID: 49090 VMware Multiple Products 64-bit Guest OS CPU Hardware Emulation Cross-OS Privilege Escalation Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues Source: BID Type: Third Party Advisory, VDB Entry 31569 Source: CCN Type: BID-31569 VMware Products In-Guest Privilege Escalation and Information Disclosure Vulnerabilities Source: SECTRACK Type: Third Party Advisory, VDB Entry 1020991 Source: CCN Type: VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2008-0016.html Source: VUPEN Type: Third Party Advisory ADV-2008-2740 Source: XF Type: Third Party Advisory, VDB Entry vmware-esxesxi-jump-privilege-escalation(45668) Source: XF Type: UNKNOWN vmware-esxesxi-jump-privilege-escalation(45668) Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:5929 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||