[Secure-testing-team] Bug#484491: CVE-2008-2098: buffer overflow allows arbitrary code execution
Steffen Joeris
steffen.joeris at skolelinux.de
Wed Jun 4 11:27:39 UTC 2008
Package: vmware-package
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE[0] has been issued against vmware products.
CVE-2008-2098:
Heap-based buffer overflow in the VMware Host Guest File System (HGFS)
in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before
2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware
Fusion before 1.1.2 build 87978, when folder sharing is used, allows
guest OS users to execute arbitrary code on the host OS via unspecified
vectors.
The vmware security announcement can be found here[1].
Please mention the CVE id in your changelog, if you upload a fix for
this issue.
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2098
[1]: http://www.vmware.com/security/advisories/VMSA-2008-0008.html
More information about the Secure-testing-team
mailing list