CVE-2008-4279
First published: Mon Oct 06 2008(Updated: )
The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Player | >=1.0<1.0.8 | |
| VMware Player | >=2.0<2.0.5 | |
| VMware Server | >=1.0<1.0.8 | |
| VMware Workstation | >=5.5<5.5.8 | |
| VMware Workstation | >=6.0<6.0.5 | |
| VMware ESX | >=2.5.4<=3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://secunia.com/advisories/32157
- http://secunia.com/advisories/32179
- http://secunia.com/advisories/32180
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
- http://www.securityfocus.com/bid/31569
- http://www.securitytracker.com/id?1020991
- http://www.vmware.com/security/advisories/VMSA-2008-0016.html
- http://www.vupen.com/english/advisories/2008/2740
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45668
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929
Frequently Asked Questions
What is the severity of CVE-2008-4279?
CVE-2008-4279 has a high severity rating due to its potential impact on the security of virtual machines.
How do I fix CVE-2008-4279?
To fix CVE-2008-4279, upgrade VMware Workstation to version 6.0.5 or later, VMware Player to version 2.0.5 or later, VMware Server to version 1.0.7 or later, or ESX to a version above 3.5.
Which VMware products are affected by CVE-2008-4279?
CVE-2008-4279 affects VMware Workstation versions before 6.0.5, Player versions before 2.0.5, Server versions before 1.0.7, and ESX versions between 2.5.4 and 3.5.
What type of vulnerability is CVE-2008-4279?
CVE-2008-4279 is a vulnerability related to CPU hardware emulation in virtual machines.
Is authentication required to exploit CVE-2008-4279?
Yes, CVE-2008-4279 requires authenticated access to exploit the vulnerability.
- collector/nvd-index
- collector/nvd-historical
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/remedy
- agent/author
- agent/tags
- agent/event
- agent/source
- vendor/vmware
- canonical/vmware player
- version/vmware player/1.0
- version/vmware player/2.0
- canonical/vmware server
- version/vmware server/1.0
- canonical/vmware workstation
- version/vmware workstation/5.5
- version/vmware workstation/6.0
- canonical/vmware esx
- version/vmware esx/2.5.4
- version/vmware esx/3.5