Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Vmware
  • Workstation
  • Fusion
  • Player
  • Server
  • Vix Api
Linux
  • Linux Kernel

Configuration 1 [-]

OR cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*
OR cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:vmware:vix_api:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vix_api:1.6.1:*:*:*:*:*:*:*
References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
http://lists.vmware.com/pipermail/security-announce/2010/000090.html Vendor Advisory Patch
http://osvdb.org/63606
http://secunia.com/advisories/39201 Vendor Advisory
http://secunia.com/advisories/39206 Vendor Advisory
http://secunia.com/advisories/39215 Vendor Advisory
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://www.securityfocus.com/bid/39407
http://www.securitytracker.com/id?1023835
http://www.vmware.com/security/advisories/VMSA-2010-0007.html Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-04-12T18:00:00

Updated: 2010-04-22T09:00:00

Reserved: 2010-03-29T00:00:00

Link: CVE-2010-1139

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2010-04-12T18:30:00.587

Modified: 2013-05-15T03:07:56.200

Link: CVE-2010-1139

JSON object: View

cve-icon Redhat Information

No data.

CWE