thr3ads.net - Secure testing team - [Secure-testing-team] Bug#484491: CVE-2008-2098: buffer overflow allows arbitrary code execution [Jun 2008]

If this information is useful, please help other people find it:
Share via:

Steffen Joeris

2008-Jun-04 11:27 UTC

[Secure-testing-team] Bug#484491: CVE-2008-2098: buffer overflow allows arbitrary code execution

Package: vmware-package
Severity: grave
Tags: security
Justification: user security hole

Hi

The following CVE[0] has been issued against vmware products.

CVE-2008-2098:

Heap-based buffer overflow in the VMware Host Guest File System (HGFS)
in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before
2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware
Fusion before 1.1.2 build 87978, when folder sharing is used, allows
guest OS users to execute arbitrary code on the host OS via unspecified
vectors. 


The vmware security announcement can be found here[1].

Please mention the CVE id in your changelog, if you upload a fix for
this issue.


Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2098

[1]: http://www.vmware.com/security/advisories/VMSA-2008-0008.html

Secure testing team - Jun 2008 - Bug#484491: CVE-2008-2098: buffer overflow allows arbitrary code execution

[Secure-testing-team] Bug#484491: CVE-2008-2098: buffer overflow allows arbitrary code execution