Executive Summary
| Summary | |
|---|---|
| Title | - VMware Workstation update addresses multiple security issues |
| Informations | |||
|---|---|---|---|
| Name | VMSA-2017-0009 | First vendor Publication | 2017-05-18 |
| Vendor | VMware | Last vendor Modification | 2017-05-18 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| a. VMware Workstation Insecure library loading vulnerability VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine. VMware would like to thank Jann Horn of Google Project Zero for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4915 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. b. VMware Workstation NULL pointer dereference vulnerability VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine. VMware would like to thank Borja Merino for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4916 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. |
Original Source
| Url : http://www.vmware.com/security/advisories/VMSA-2017-0009.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-476 | NULL Pointer Dereference |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
Metasploit Database
| id | Description |
|---|---|
| 2017-05-22 | VMware Workstation ALSA Config File Local Privilege Escalation |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2017-05-25 | Name : A virtualization application installed on the remote Linux host is affected b... File : vmware_workstation_linux_vmsa_2017_0009.nasl - Type : ACT_GATHER_INFO |
| 2017-05-25 | Name : A virtualization application installed on the remote Windows host is affected... File : vmware_workstation_win_vmsa_2017_0009.nasl - Type : ACT_GATHER_INFO |
| 2017-01-16 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0009.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2020-05-23 13:17:15 |
|
| 2017-06-08 17:24:56 |
|
| 2017-05-26 13:23:22 |
|
| 2017-05-23 00:23:33 |
|
| 2017-05-19 09:22:57 |
|
