{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"VMware ACE 2.0.0;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ESX 2.5.3 without patch 13;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Server 1.0.3 and earlier versions;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Player 1.0.4 and earlier versions;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Player version 2.0.0;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Workstation 6.0.0;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ESX 2.1.3 without patch 8;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Workstation 5.5.4 and earlier versions;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ESX 2.5.4 without patch 10;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ESX 2.0.2 without patch 8;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ESX versions 3.0.0, 3.0.1 and 3.0.2 without the associated patches;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ACE 1.0.3 and earlier versions;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nSeveral vulnerabilities have been identified in various VMware\nproducts. 
Among them:\n\n-   a user with administrator rights on the virtual machine\n    can corrupt the memory of the host process, and thus\n    potentially execute arbitrary code on the host\n    system;\n-   a handling error in the DHCP server can be exploited\n    by means of specially crafted packets to gain administrator\n    rights on the vulnerable host system;\n-   several problems in SAMBA's handling of MS-RPC requests\n    can be exploited to cause a stack overflow on the server\n    side;\n-   a vulnerability in the DNS server, associated with advisory\n    CERTA-2007-AVI-327 concerning BIND;\n-   etc.\n\n## Solution\n\nRefer to the vendor's security bulletin to obtain the\npatches (see the Documentation section).\n","cves":[{"name":"CVE-2004-0813","url":"https://www.cve.org/CVERecord?id=CVE-2004-0813"},{"name":"CVE-2007-1716","url":"https://www.cve.org/CVERecord?id=CVE-2007-1716"},{"name":"CVE-2006-4146","url":"https://www.cve.org/CVERecord?id=CVE-2006-4146"},{"name":"CVE-2007-0063","url":"https://www.cve.org/CVERecord?id=CVE-2007-0063"},{"name":"CVE-2007-4497","url":"https://www.cve.org/CVERecord?id=CVE-2007-4497"},{"name":"CVE-2007-0494","url":"https://www.cve.org/CVERecord?id=CVE-2007-0494"},{"name":"CVE-2007-0061","url":"https://www.cve.org/CVERecord?id=CVE-2007-0061"},{"name":"CVE-2007-2446","url":"https://www.cve.org/CVERecord?id=CVE-2007-2446"},{"name":"CVE-2006-1174","url":"https://www.cve.org/CVERecord?id=CVE-2006-1174"},{"name":"CVE-2006-4600","url":"https://www.cve.org/CVERecord?id=CVE-2006-4600"},{"name":"CVE-2006-3619","url":"https://www.cve.org/CVERecord?id=CVE-2006-3619"},{"name":"CVE-2007-2442","url":"https://www.cve.org/CVERecord?id=CVE-2007-2442"},{"name":"CVE-2007-2798","url":"https://www.cve.
org/CVERecord?id=CVE-2007-2798"},{"name":"CVE-2007-1856","url":"https://www.cve.org/CVERecord?id=CVE-2007-1856"},{"name":"CVE-2007-2447","url":"https://www.cve.org/CVERecord?id=CVE-2007-2447"},{"name":"CVE-2007-0062","url":"https://www.cve.org/CVERecord?id=CVE-2007-0062"},{"name":"CVE-2007-4496","url":"https://www.cve.org/CVERecord?id=CVE-2007-4496"},{"name":"CVE-2007-2443","url":"https://www.cve.org/CVERecord?id=CVE-2007-2443"}],"links":[{"title":"Copy of VMware security announcement VMSA-2007-0006 published on 18 September 2007:","url":"http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"},{"title":"VMware security announcements mailing list:","url":"http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"},{"title":"VMware official website:","url":"http://www.vmware.com/security"},{"title":"Gentoo security bulletin GLSA 200711-23 of 18 November 2007:","url":"http://www.gentoo.org/security/en/glsa/glsa-200711-23.xml"}],"reference":"CERTA-2007-AVI-409","revisions":[{"description":"initial version.","revision_date":"2007-09-21T00:00:00.000000"},{"description":"Added the reference to the Gentoo security bulletin.","revision_date":"2007-11-20T00:00:00.000000"}],"risks":[{"description":"Arbitrary code execution"},{"description":"Denial of service"},{"description":"Security policy bypass"}],"summary":"Several vulnerabilities have been identified in various VMware\nproducts. Exploiting them can lead to the execution of\narbitrary code from a virtual machine on the host machine, or\ndisrupt its operation.\n","title":"Multiple vulnerabilities in VMware products","vendor_advisories":[{"published_at":null,"title":"VMware security advisory VMSA-2007-0006 of 18 September 2007","url":null}]}
