Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-4295 | First vendor Publication | 2010-12-06 |
Vendor | Cve | Last vendor Modification | 2022-12-14 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4295 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-362 | Race Condition |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 3 | |
Application | 1 | |
Application | 5 |
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple securi... File : nvt/gb_VMSA-2010-0018.nasl |
2010-12-13 | Name : VMware Products Memory Corruption and Buffer Overflow Vulnerability (Win) File : nvt/gb_vmware_prdts_mem_corruption_n_bof_vuln_win.nasl |
2010-12-13 | Name : VMware Products Multiple Local Privilege Escalation Vulnerabilities (Linux) File : nvt/gb_vmware_prdts_mult_loc_prev_escl_vuln_lin.nasl |
2010-12-13 | Name : VMware Products Tools Local Privilege Escalation Vulnerability (Linux) File : nvt/gb_vmware_prdts_tools_loc_prev_escl_vuln_lin.nasl |
2010-12-13 | Name : VMware Products Tools Local Privilege Escalation Vulnerability (Windows) File : nvt/gb_vmware_prdts_tools_loc_prev_escl_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69585 | VMware Multiple Products vmware-mount Mounting Process Race Condition Privile... VMware Workstation, Player, and Fusion contain a race condition flaw within the 'vmware-mount' utility when handling temporary files during the mounting process that may allow an attacker to gain access to unauthorized privileges. This may be exploited by a local attacker to gain elevated privileges and create files or directories. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-12-09 | IAVM : 2010-A-0168 - Multiple Vulnerabilities in VMware Products Severity : Category II - VMSKEY : V0025835 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0018_remote.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote host has an application that is affected by a security issue. File : macosx_fusion_2_0_8.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote host has an application that is affected by three security issues. File : macosx_fusion_3_1_2.nasl - Type : ACT_GATHER_INFO |
2010-12-07 | Name : The remote host has a virtualization application affected by multiple vulnera... File : vmware_multiple_vmsa_2010_0018.nasl - Type : ACT_GATHER_INFO |
2010-12-06 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0018.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2022-12-14 21:27:57 |
|
2020-05-23 00:26:56 |
|
2018-10-11 00:20:00 |
|
2016-06-28 18:22:51 |
|
2016-04-26 20:14:40 |
|
2014-02-17 10:58:39 |
|
2013-11-11 12:39:05 |
|
2013-05-10 23:37:16 |
|