The OVAL Repository5.42015-09-03T07:08:03.152-04:00ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privilegesVMWare ESX Server 3The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.Michael WoodDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDVMWare ESX Server 3.0.3 is installedVMWare ESX Server 3The operating system installed on the system is VMWare ESX Server 3.0.3.Michael WoodDRAFTINTERIMACCEPTEDACCEPTEDVMware ESX Openwsman Lets Local Users Gain Root PrivilegesVMWare ESX Server 3VMWare ESX Server 2Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."Michael WoodDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDVMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain Elevated PrivilegesVMWare ESX Server 3VMWare ESX Server 2HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.Michael WoodDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDVMware Buffer Overflows in VIX API Let Local Users Execute Arbitrary CodeVMWare ESX Server 3VMWare ESX Server 2Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDVMware ESX Openwsman Lets Local Users Gain Root PrivilegesVMWare ESX Server 3VMWare ESX Server 2Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."Michael WoodDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDVMware Unsafe Library Path in vmware-authd Lets Local Users Gain Elevated PrivilegesVMWare ESX Server 3VMWare ESX Server 2Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.Michael WoodDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDVMware ESX Multiple Code Execution and Denial of Service VulnerabilitiesVMWare ESX Server 3Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDMichael WoodINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDVMware ESX server double free vulnerability may let remote users execute arbitrary codeVMWare ESX Server 3Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.Yuzheng ZhouDRAFTPai PengINTERIMACCEPTEDMichael WoodINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDVMWare ESX Server 3.0.0 is installedVMWare ESX Server 3The operating system installed on the system is VMWare ESX Server 3.0.0.Yuzheng ZhouDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDVMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain Elevated PrivilegesVMWare ESX Server 3VMWare ESX Server 2HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.Michael WoodDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDVMware Buffer Overflows in VIX API Let Local Users Execute Arbitrary CodeVMWare ESX Server 3VMWare ESX Server 2Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.Michael WoodDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDVMware Unsafe Library Path in vmware-authd Lets Local Users Gain Elevated PrivilegesVMWare ESX Server 3VMWare ESX Server 2Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.Michael WoodDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDVMWare ESX Server 3.0.2 is installedVMWare ESX Server 3The operating system installed on the system is VMWare ESX Server 3.0.2.Yuzheng ZhouDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDVMWare ESX Server 3.0.1 is installedVMWare ESX Server 3The operating system installed on the system is VMWare ESX Server 3.0.1.Yuzheng ZhouDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTED1006678200809401100636110047261004186905211004219100472310047281004721100482110047241004725100421690520100419010047221004719100472710041891004728100472110047271004186100472510041909052010047241004219100421690521100472210047191004726100472310041891004821705242677374321317375752668885221018701541161870817401834165714921691501112641979459976400392718961790239271841979455752668131737705242649216917737432341657111618709617902187015488522108174018501112699764001004189100419010048211004186100472390520100472610047271004722100472510042191004216100472810047191004721905211004724100472410047251004727100421910042161004723100472190520100482110041861004189100472810041909052110047191004726100472290521100482110041901004728100472110047271004219100472410047261004186100472310047221004216100472590520100471910041893.0.32.5.4322332.5.5576192.5.5576192.5.4322333.0.02.5.4322332.5.5576192.5.5576192.5.4322333.0.23.0.12.5.5576192.5.432233