TITLE:
VMware Products Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA32612

VERIFY ADVISORY:
http://secunia.com/advisories/32612/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

REVISION:
1.1 originally posted 2008-11-07

SOFTWARE:
VMware Workstation 5.x
http://secunia.com/advisories/product/5080/
VMware Workstation 6.x
http://secunia.com/advisories/product/14321/
VMware Player 1.x
http://secunia.com/advisories/product/6594/
VMware Player 2.x
http://secunia.com/advisories/product/15771/
VMware ACE 1.x
http://secunia.com/advisories/product/6593/
VMware ACE 2.x
http://secunia.com/advisories/product/15772/
VMware Server 1.x
http://secunia.com/advisories/product/10733/

DESCRIPTION:
A vulnerability has been reported in various VMware products, which
can be exploited by malicious, local users to gain escalated
privileges.

The vulnerability is caused by an error in the CPU hardware
emulation when handling the Trap flag, which can be exploited by a
local user on a guest operating system to gain escalated privileges.

Please see the vendor's advisory for a list of affected products and
versions.

SOLUTION:
Update to the latest version or apply patches.

VMware Workstation 6.0.x:
Update to version 6.5.0 build 118166 or later.

VMware Workstation 5.x:
Update to version 5.5.9 build 126128 or later.
http://www.vmware.com/download/ws/ws5.html

VMware Player 1.x:
Update to version 1.0.9 build 126128 or later.
http://www.vmware.com/download/player/

VMware Player 2.0.x:
Update to version 2.5.0 build 118166 or later.

VMware ACE 1.x:
Update to version 1.0.8 build 125922 or later.
http://www.vmware.com/download/ace/

VMware ACE 2.0.x:
Update to version 2.5.0 build 118166 or later.

VMware Server 1.x:
Update to version 1.0.8 build 126538 or later.
http://www.vmware.com/download/server/

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Derek Soeder.

CHANGELOG:
2008-11-10: Added reporter link to the "Original Advisory" section.

ORIGINAL ADVISORY:
VMSA-2008-0018:
http://lists.vmware.com/pipermail/security-announce/2008/000042.html

Derek Soeder:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065505.html