VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-4295
workstation, player, server, fusion: Race condition in the mounting process in vmware-mo...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4295

Original

Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-12-06
Source Information Category:
Advisory, Alert
Last Updated:
2010-12-07




Affected Product Tags
cpe:/a:vmware:fusion:3.1
cpe:/a:vmware:fusion:3.1.1
cpe:/a:vmware:player:3.1
cpe:/a:vmware:player:3.1.1
cpe:/a:vmware:server:2.0.2
cpe:/a:vmware:workstation:7.0
cpe:/a:vmware:workstation:7.0.1
cpe:/a:vmware:workstation:7.1
cpe:/a:vmware:workstation:7.1.1
cpe:/o:apple:mac_os_x
cpe:/o:linux:linux_kernel
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

X Local [?]
Adjacent Network [?]
Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
CONFIRM http://www.vmware.com/security/advisories/VMSA-2010-0018.html




MLIST [security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues




Vulnerability Type Race Conditions (CWE-362)




Copyright © 2010 JPCERT/CC All Rights Reserved.