CVE-2010-4296:workstation, player, server, fusion: vmware-mount in VMware Workstation 7.x before 7.1.2...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-4296

workstation, player, server, fusion: vmware-mount in VMware Workstation 7.x before 7.1.2...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4296

Original

vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-12-06

Source Information Category:

Advisory, Alert

Last Updated:

2010-12-07

Affected Product Tags

cpe:/a:vmware:fusion:3.1

cpe:/a:vmware:fusion:3.1.1

cpe:/a:vmware:player:3.1

cpe:/a:vmware:player:3.1.1

cpe:/a:vmware:server:2.0.2

cpe:/a:vmware:workstation:7.0

cpe:/a:vmware:workstation:7.0.1

cpe:/a:vmware:workstation:7.1

cpe:/a:vmware:workstation:7.1.1

cpe:/o:apple:mac_os_x

cpe:/o:linux:linux_kernel

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://www.vmware.com/security/advisories/VMSA-2010-0018.html

MLIST [security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues

Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)