CVE-2010-4296

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-4296
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.vmware.com/pipermail/security-announce/2010/000112.html
http://www.vmware.com/security/advisories/VMSA-2010-0018.html Vendor Advisory
http://secunia.com/advisories/42482 Vendor Advisory
http://www.securitytracker.com/id?1024820
http://www.vupen.com/english/advisories/2010/3116 Vendor Advisory
http://secunia.com/advisories/42453 Vendor Advisory
http://www.securitytracker.com/id?1024819
http://www.securityfocus.com/bid/45168
http://osvdb.org/69584
http://www.securityfocus.com/archive/1/514995/100/0/threaded
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*
Information

Published : 2010-12-06 21:05

Updated : 2018-10-10 20:08

NVD link : CVE-2010-4296

Mitre link : CVE-2010-4296

JSON object : View

Products Affected

vmware

  • player
  • fusion
  • workstation
  • server

linux

  • linux_kernel
CWE
CWE-264

Permissions, Privileges, and Access Controls