| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.5 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as problematic has been found in VMware Player up to 2.0.3. This affects an unknown part. The manipulation results in untrusted search path. This vulnerability is known as CVE-2008-0967. No exploit is available. The affected component should be upgraded.
Details
A vulnerability, which was classified as problematic, was found in VMware Player up to 2.0.3 (Virtualization Software). Affected is an unknown part. The manipulation with an unknown input leads to a untrusted search path vulnerability. CWE is classifying the issue as CWE-426. The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
The weakness was published 06/02/2008 with iDefense (Website). The advisory is shared for download at labs.idefense.com. This vulnerability is traded as CVE-2008-0967 since 02/25/2008. The attack needs to be done within the local network. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1574.
It is declared as proof-of-concept. As 0-day the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 800006 , which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 115824 (VMware Security Update (VMSA-2008-0008 and VMSA-2008-0009)).
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (42878), Tenable (800006), SecurityFocus (BID 29557†), Secunia (SA30476†) and SecurityTracker (ID 1020198†). Similar entries are available at VDB-3721, VDB-3722, VDB-3719 and VDB-29606. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.vmware.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 5.5
VulDB Base Score: 6.3
VulDB Temp Score: 5.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Untrusted search pathCWE: CWE-426
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 800006
Nessus File: 🔍
OpenVAS ID: 800006
OpenVAS Name: VMware Product(s) Local Privilege Escalation Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
02/25/2008 🔍06/02/2008 🔍
06/04/2008 🔍
06/04/2008 🔍
06/05/2008 🔍
06/19/2008 🔍
04/23/2018 🔍
Sources
Vendor: vmware.comAdvisory: labs.idefense.com⛔
Organization: iDefense
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2008-0967 (🔍)
GCVE (CVE): GCVE-0-2008-0967
GCVE (VulDB): GCVE-100-3720
OVAL: 🔍
X-Force: 42878 - VMware vmware-authd privilege escalation
SecurityFocus: 29557 - VMware vmware-authd Daemon Local Privilege Escalation Vulnerability
Secunia: 30476 - VMware Products Multiple Vulnerabilities, Less Critical
SecurityTracker: 1020198
Vupen: ADV-2008-1744
scip Labs: https://www.scip.ch/en/?labs.20060413
See also: 🔍
Entry
Created: 06/19/2008 14:42Updated: 04/23/2018 17:58
Changes: 06/19/2008 14:42 (74), 04/23/2018 17:58 (7)
Complete: 🔍
Committer: stfr
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.