CVE-2008-4917 - OpenCVE

Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Esx Esxi Player Server Workstation

Configuration 1 [-]

OR	cpe:2.3:a:vmware:esx::::::::
	cpe:2.3:a:vmware:esxi:3.5:::::::*
	cpe:2.3:a:vmware:player::::::::
	cpe:2.3:a:vmware:player::::::::
	cpe:2.3:a:vmware:server::::::::
	cpe:2.3:a:vmware:workstation::::::::
	cpe:2.3:a:vmware:workstation::::::::

No data.

References

Link	Providers
http://kb.vmware.com/kb/1006980
http://kb.vmware.com/kb/1006986
http://secunia.com/advisories/32965
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securitytracker.com/id?1021300
http://securitytracker.com/id?1021301
http://www.securityfocus.com/archive/1/498863/100/0/threaded
http://www.securityfocus.com/archive/1/498886/100/0/threaded
http://www.securityfocus.com/bid/32597
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-09T00:00:00

Updated: 2024-08-07T10:31:28.283Z

Reserved: 2008-11-03T00:00:00

Link: CVE-2008-4917

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2008-12-09T00:30:00.283

Modified: 2018-11-02T13:44:48.490

Link: CVE-2008-4917

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-03T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201209-25", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.vmware.com/kb/1006980"}, {"name": "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:6246", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246"}, {"name": "32965", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32965"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.vmware.com/kb/1006986"}, {"name": "20081203 Re: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/498886/100/0/threaded"}, {"name": "1021301", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1021301"}, {"name": "1021300", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1021300"}, {"name": "32597", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32597"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4917", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201209-25", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"}, {"name": "http://kb.vmware.com/kb/1006980", "refsource": "CONFIRM", "url": "http://kb.vmware.com/kb/1006980"}, {"name": "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:6246", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246"}, {"name": "32965", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32965"}, {"name": "http://kb.vmware.com/kb/1006986", "refsource": "CONFIRM", "url": "http://kb.vmware.com/kb/1006986"}, {"name": "20081203 Re: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498886/100/0/threaded"}, {"name": "1021301", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021301"}, {"name": "1021300", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021300"}, {"name": "32597", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32597"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:31:28.283Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201209-25", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.vmware.com/kb/1006980"}, {"name": "20081203 VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:6246", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246"}, {"name": "32965", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32965"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.vmware.com/kb/1006986"}, {"name": "20081203 Re: VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/498886/100/0/threaded"}, {"name": "1021301", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1021301"}, {"name": "1021300", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1021300"}, {"name": "32597", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32597"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4917", "datePublished": "2008-12-09T00:00:00", "dateReserved": "2008-11-03T00:00:00", "dateUpdated": "2024-08-07T10:31:28.283Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:esx:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EA6F7DC-90D0-40C4-A8CA-765125102DD3", "versionEndIncluding": "3.5", "versionStartIncluding": "3.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "matchCriteriaId": "44A6CE08-8BAB-4BCC-87AE-FA433CD1AC67", "versionEndIncluding": "1.0.8", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA8737EE-4163-4B99-873A-21FC9748087A", "versionEndIncluding": "2.0.5", "versionStartIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE92595D-2632-432D-A705-B1F21FA2AE4C", "versionEndIncluding": "1.0.9", "versionStartIncluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEFA048E-E58D-481F-BE83-FF26795A0F7C", "versionEndIncluding": "5.5.8", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "1598C125-3339-4917-BCB6-A7F361887E15", "versionEndIncluding": "6.0.5", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en VMware Workstation v5.5.8 y anteriores, y v6.0.5 y anteriores, versiones v6.x; VMware Player v1.0.8 y anteriores, y v2.0.5 y versiones anteriores a v2.x; VMware Server v1.0.9 y anteriores; VMware ESXi v3.5; y VMware ESX v3.0.2 a la v3.5, permite a los usuarios del sistema operativo hu\u00e9sped tener un impacto desconocido mediante el env\u00edo de una petici\u00f3n de hardware que lanza una operaci\u00f3n de escritura f\u00edsica de la memoria, permitiendo una corrupci\u00f3n de memoria."}], "id": "CVE-2008-4917", "lastModified": "2018-11-02T13:44:48.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-09T00:30:00.283", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://kb.vmware.com/kb/1006980"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://kb.vmware.com/kb/1006986"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/32965"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1021300"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1021301"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/498886/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/32597"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}