Executive Summary
Summary | |
---|---|
Title | VMware hosted products and ESX patches resolve multiple security issues |
Information | |||
---|---|---|---|
Name | VMSA-2010-0018 | First vendor Publication | 2010-12-02 |
Vendor | VMware | Last vendor Modification | 2010-12-02 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
a. VMware Workstation, Player and Fusion vmware-mount race condition

The way temporary files are handled by the mounting process could result in a race condition. This issue could allow a local user on the host to elevate their privileges. VMware Workstation and Player running on Microsoft Windows are not affected.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4295 to this issue. VMware would like to thank Dan Rosenberg for reporting this issue.

b. VMware Workstation, Player and Fusion vmware-mount privilege escalation

vmware-mount which is a suid binary has a flaw in the way libraries are loaded. This issue could allow local users on the host to execute arbitrary shared object files with root privileges. VMware Workstation and Player running on Microsoft Windows are not affected.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4296 to this issue. VMware would like to thank Martin Carpenter for reporting this issue.

c. OS Command Injection in VMware Tools update

A vulnerability in the input validation of VMware Tools update allows for injection of commands. The issue could allow a user on the host to execute commands on the guest operating system with root privileges. The issue can only be exploited if VMware Tools is not fully up-to-date. Windows-based virtual machines are not affected.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4297 to this issue. VMware would like to thank Nahuel Grisolia of Bonsai Information Security, http://www.bonsai-sec.com, for reporting this issue.

d. VMware VMnc Codec frame decompression remote code execution

The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player and VMware ACE, in any compatible media player. The movie decoder is installed as part of VMware Workstation, VMware Player and VMware ACE, or can be downloaded as a stand alone package.

A function in the decoder frame decompression routine implicitly trusts a size value. An attacker can utilize this to miscalculate a destination pointer, leading to the corruption of a heap buffer, and could allow for execution of arbitrary code with the privileges of the user running an application utilizing the vulnerable codec. For an attack to be successful the user must be tricked into visiting a malicious web page or opening a malicious video file on a system that has the vulnerable version of the VMnc codec installed.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4294 to this issue. VMware would like to thank Aaron Portnoy and Logan Brown of TippingPoint DVLabs for reporting this issue.
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2010-0018.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-362 | Race Condition |
33 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
33 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-12-09 | VMware Tools update OS Command Injection |
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple securi... File : nvt/gb_VMSA-2010-0018.nasl |
2010-12-13 | Name : VMware Products Memory Corruption and Buffer Overflow Vulnerability (Win) File : nvt/gb_vmware_prdts_mem_corruption_n_bof_vuln_win.nasl |
2010-12-13 | Name : VMware Products Multiple Local Privilege Escalation Vulnerabilities (Linux) File : nvt/gb_vmware_prdts_mult_loc_prev_escl_vuln_lin.nasl |
2010-12-13 | Name : VMware Products Tools Local Privilege Escalation Vulnerability (Linux) File : nvt/gb_vmware_prdts_tools_loc_prev_escl_vuln_lin.nasl |
2010-12-13 | Name : VMware Products Tools Local Privilege Escalation Vulnerability (Windows) File : nvt/gb_vmware_prdts_tools_loc_prev_escl_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69596 | VMware Multiple Products VMnc Decoder Frame Decompression Memory Corruption A memory corruption flaw exists in VMware Movie Decoder, Workstation, and Player. The decoder frame decompression of the VMnc codec fails to sanitize user-supplied input resulting in heap memory corruption. With a specially crafted file or page, a context-dependent attacker can execute arbitrary code. |
69590 | VMware Tools Update Guest System Unspecified Arbitrary Command Injection VMware Tools update contains an input validation flaw. This may allow a local attacker to execute commands on the guest operating system with root privileges. |
69585 | VMware Multiple Products vmware-mount Mounting Process Race Condition Privile... VMware Workstation, Player, and Fusion contain a race condition flaw within the 'vmware-mount' utility when handling temporary files during the mounting process that may allow an attacker to gain access to unauthorized privileges. This may be exploited by a local attacker to gain elevated privileges and create files or directories. |
69584 | VMware Multiple Products vmware-mount Library Loading Arbitrary Code Execution VMware Workstation, Player, and Fusion contain a flaw related to the 'vmware-mount' utility when loading libraries. This may allow a local attacker to execute arbitrary code with root privileges. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-12-09 | IAVM : 2010-A-0168 - Multiple Vulnerabilities in VMware Products Severity : Category II - VMSKEY : V0025835 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-04-14 | VmWare Tools command injection attempt RuleID : 38243 - Revision : 2 - Type : SERVER-WEBAPP |
2016-04-14 | VmWare Tools command injection attempt RuleID : 38242 - Revision : 2 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0018_remote.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote host has an application that is affected by a security issue. File : macosx_fusion_2_0_8.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote host has an application that is affected by three security issues. File : macosx_fusion_3_1_2.nasl - Type : ACT_GATHER_INFO |
2010-12-07 | Name : The remote host has a virtualization application affected by multiple vulnera... File : vmware_multiple_vmsa_2010_0018.nasl - Type : ACT_GATHER_INFO |
2010-12-06 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0018.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2016-03-09 13:25:54 | |
2014-02-17 12:07:18 | |
2013-12-14 21:19:32 | |
2013-11-11 12:41:39 | |