[Secure-testing-team] Bug#484491: CVE-2008-2098: buffer overflow allows arbitrary code execution

Steffen Joeris steffen.joeris at skolelinux.de
Wed Jun 4 11:27:39 UTC 2008


Package: vmware-package
Severity: grave
Tags: security
Justification: user security hole

Hi

The following CVE[0] has been issued against vmware products.

CVE-2008-2098:

Heap-based buffer overflow in the VMware Host Guest File System (HGFS)
in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before
2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware
Fusion before 1.1.2 build 87978, when folder sharing is used, allows
guest OS users to execute arbitrary code on the host OS via unspecified
vectors. 


The vmware security announcement can be found here[1].

Please mention the CVE id in your changelog, if you upload a fix for
this issue.


Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2098

[1]: http://www.vmware.com/security/advisories/VMSA-2008-0008.html





More information about the Secure-testing-team mailing list