Lucene search

K
vmwareVMwareVMSA-2010-0018
HistoryDec 02, 2010 - 12:00 a.m.

VMware hosted products and ESX patches resolve multiple security issues

2010-12-0200:00:00
www.vmware.com
52

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.114 Low

EPSS

Percentile

95.1%

a. VMware Workstation, Player and Fusion vmware-mount race condition

The way temporary files are handled by the mounting process could result in a race condition. This issue could allow a local user on the host to elevate their privileges. VMware Workstation and Player running on Microsoft Windows are not affected. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4295 to this issue . VMware would like to thank Dan Rosenberg for reporting this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available.

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.114 Low

EPSS

Percentile

95.1%