ITSS-Advisory : MEDIUM : VMware : Various Products : Privilege Escalation

THREAT LEVEL
============
Medium.

INFORMATION
===========
VMware has released new versions of various products. These new versions
fix a vulnerability which could allow privilege escalation on a virtual
machine guest operating system.

More information is available at:
http://lists.vmware.com/pipermail/security-announce/2008/000042.html

AFFECTED PLATFORMS
==================
Computers of various operating systems running:
- VMware Workstation 6.0.5 and earlier,
- VMware Workstation 5.5.8 and earlier,
- VMware Player 2.0.5 and earlier,
- VMware Player 1.0.8 and earlier,
- VMware ACE 2.0.5 and earlier,
- VMware ACE 1.0.7 and earlier,
- VMware Server 1.0.7 and earlier.
- VMware ESXi 3.5 without patch ESXe350-200810401-O-UG
- VMware ESX 3.5 without patch ESX350-200810201-UG
- VMware ESX 3.0.3 without patch ESX303-200810501-BG
- VMware ESX 3.0.2 without patch ESX-1006680
- VMware ESX 2.5.5 without upgrade patch 10 or later
- VMware ESX 2.5.4 without upgrade patch 21

ACTION
======
Administrators of affected computers are advised to review the
bulletins, test and apply relevant upgrades.

The link:
http://lists.vmware.com/pipermail/security-announce/2008/000042.html
has information on the various VMware products that are vulnerable,
and has links for the downloading of related product versions that
are not vulnerable.