|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200601-04] VMware Workstation: Vulnerability in NAT networking Vulnerability Scan
Vulnerability Scan Summary VMware Workstation: Vulnerability in NAT networking
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200601-04
(VMware Workstation: Vulnerability in NAT networking)
Tim Shelton discovered that vmnet-natd, the host module providing
NAT-style networking for VMware guest operating systems, is unable to
process incorrect 'EPRT' and 'PORT' FTP requests.
Impact
Malicious guest operating systems using the NAT networking feature
or local VMware Workstation users could exploit this vulnerability to
execute arbitrary code on the host system with elevated rights.
Workaround
Disable the NAT service by following the instructions at http://www.vmware.com/support/k
b, Answer ID 2002.
References:
http://www.vmware.com/support/kb
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4459
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000
Solution:
All VMware Workstation users should upgrade to a fixed version:
# emerge --sync
# emerge --ask --oneshot --verbose app-emulation/vmware-workstation
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|