VMware ESXi Buffer Overflow and Memory Initialization Errors Let Local Guest System Users Obtain Potentially Sensitive Information and Execute Arbitrary Code on the Host System
|
SecurityTracker Alert ID: 1038149 |
SecurityTracker URL: http://securitytracker.com/id/1038149
|
CVE Reference:
CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905
|
Date: Mar 28 2017
|
Impact:
Denial of service via local system, Disclosure of system information, Disclosure of user information, User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 5.5, 6.0, 6.5
|
Description:
Multiple vulnerabilities were reported in VMware ESXi. A local user on the guest system can obtain potentially sensitive information and gain elevated privileges on the host system.
A local user on the guest system can trigger a heap overflow in SVGA to execute arbitrary code on the host system [CVE-2017-4902]. ESXi 6.0 is not affected.
A local user on the guest system can trigger an uninitialized stack memory usage error in SVGA to execute arbitrary code on the host system [CVE-2017-4903].
A local user on the guest system can trigger an uninitialized stack memory usage error in the XHCI controller to execute arbitrary code on the host system [CVE-2017-4904]. On ESXi 5.5, the impact is limited to denial of service conditions.
A local user on the guest system can trigger an uninitialized memory usage error to obtain potentially sensitive information on the host system [CVE-2017-4905].
ZDI and Team 360 Security from Qihoo, and ZDI and Team Sniper from Tencent Security, reported these vulnerabilities.
|
Impact:
A local user on the guest system can gain elevated privileges on the host system.
A local user on the guest system can obtain potentially sensitive information on the host system.
|
Solution:
The vendor has issued a fix.
The vendor advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2017-0006.html
|
Vendor URL: www.vmware.com/security/advisories/VMSA-2017-0006.html
|
Cause:
Access control error, Boundary error
|