TITLE:
VMware ESX / ESXi Privilege Escalation and Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA32624

VERIFY ADVISORY:
http://secunia.com/advisories/32624/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
VMware ESXi 3.x
http://secunia.com/advisories/product/19561/
VMware ESX Server 3.x
http://secunia.com/advisories/product/10757/
VMware ESX Server 2.x
http://secunia.com/advisories/product/2125/

DESCRIPTION:
Some vulnerabilities have been reported in VMware ESX and ESXi, which
can be exploited by malicious, local users to gain escalated
privileges.

1) A vulnerability in the CPU hardware emulation can be exploited by
malicious, local users to gain escalated privileges.

For more information:
SA32612

This vulnerability is reported in VMware ESX 2.5.4, 2.5.5, 3.0.2,
3.0.3, 3.5, and ESXi 3.5.

2) An unspecified input validation error can be exploited by
administrators to gain escalated privileges via directory traversal
attacks.

Successful exploitation requires that an administrator has the
"Datastore.FileManagement" privilege.

This vulnerability is reported in VMware ESX 3.5 and ESXi 3.5.

SOLUTION:
Update to the latest version or apply patches.

-- VMware ESXi --

ESXi 3.5:
Apply patch ESXe350-200810401-O-UG.
http://download3.vmware.com/software/vi/ESXe350-200810401-O-UG.zip

-- VMware ESX --

ESX 3.5:
Apply patch ESX350-200810201-UG.
http://download3.vmware.com/software/vi/ESX350-200810201-UG.zip

ESX 3.0.3:
Apply patch ESX303-200810501-BG.
http://download3.vmware.com/software/vi/ESX303-200810501-BG.zip

ESX 3.0.2:
Apply patch ESX-1006680.
http://download3.vmware.com/software/vi/ESX-1006680.tgz

VMware ESX 2.5.5:
Apply Patch 10.
http://download3.vmware.com/software/esx/esx-2.5.5-119702-upgrade.tar.gz

VMware ESX 2.5.4:
Apply Patch 21.
http://download3.vmware.com/software/esx/esx-2.5.4-119703-upgrade.tar.gz

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Derek Soeder
2) Michel Toussaint

ORIGINAL ADVISORY:
VMSA-2008-0018:
http://lists.vmware.com/pipermail/security-announce/2008/000042.html

OTHER REFERENCES:
SA32612:
http://secunia.com/advisories/32612/