Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT networking
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2663
PostPosted: Sat Jan 07, 2006 9:26 pm    Post subject: [ GLSA 200601-04 ] VMware Workstation: Vulnerability in NAT Reply with quote
Gentoo Linux Security Advisory

Title: VMware Workstation: Vulnerability in NAT networking (GLSA 200601-04)
Severity: high
Exploitable: remote and local
Date: January 07, 2006
Updated: May 25, 2006
Bug(s): #116238
ID: 200601-04

Synopsis


VMware guest operating systems can execute arbitrary code with elevated
privileges on the host operating system through a flaw in NAT networking.


Background


VMware Workstation is a powerful virtual machine for developers and
system administrators.


Affected Packages

Package: app-emulation/vmware-workstation
Vulnerable: < 5.5.1.19175
Unaffected: >= 5.5.1.19175
Unaffected: >= 4.5.3.19414 < 4.5.3.19415
Unaffected: >= 3.2.1.2242-r10 < 3.2.1.2243
Architectures: All supported architectures


Description


Tim Shelton discovered that vmnet-natd, the host module providing
NAT-style networking for VMware guest operating systems, is unable to
process incorrect 'EPRT' and 'PORT' FTP requests.


Impact


Malicious guest operating systems using the NAT networking feature or
local VMware Workstation users could exploit this vulnerability to
execute arbitrary code on the host system with elevated privileges.


Workaround


Disable the NAT service by following the instructions at http://www.vmware.com/support/k
b , Answer ID 2002.


Resolution


All VMware Workstation users should upgrade to a fixed version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose app-emulation/vmware-workstation


References

CVE-2005-4459
VMware Security Response

Last edited by GLSA on Sun Nov 23, 2014 4:21 am; edited 6 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy