Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: PHP and VMWare Updates - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
PHP and VMWare Updates
PHP 5.4.19 and PHP 5.5.3
The PHP development team announces the immediate availability of PHP 5.4.19 and PHP 5.5.3. These releases fix a bug in the patch for
CVE-2013-4248 in OpenSSL module and compile failure with ZTS enabled in PHP 5.4, which were introduced in previously released 5.4.18 and 5.5.2.
All PHP users are encouraged to upgrade to either PHP 5.5.3 or PHP 5.4.19.
For source downloads of PHP 5.4.19 and PHP 5.5.3 please visit our downloads page: http://www.php.net/downloads.php
Windows binaries can be found on: http://windows.php.net/download/
The list of changes is recorded in the ChangeLog at: http://www.php.net/ChangeLog-5.php
 
VMWare VMSA-2013-0010
Summary
VMware Workstation addresses a vulnerability in the vmware-mount component which could result in a privilege escalation on linux-based host machines.
 
Relevant releases
VMware Workstation 9.x 
VMware Workstation 8.x 
VMware Player 5.x 
VMware Player 4.x
 
Problem Description
 
VMware mount privilege escalation 
 
VMware Workstation and Player contain a vulnerability in the handling of the vmware-mount command. A local malicious user may exploit this vulnerability to escalate their privileges to root on the host OS. The issue is present when Workstation or Player are installed on a Debian-based version of Linux. 
The vulnerability does not allow for privilege escalation from the Guest Operating System to the host or vice-versa. This means that host memory can not be manipulated from the Guest Operating System. 
 
 
Russ McRee

184 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!