CVE-2013-1662 - OpenCVE

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Vmware	Workstation Player

Configuration 1 [-]

OR	cpe:2.3:a:vmware:workstation:8.0:::::::*
	cpe:2.3:a:vmware:workstation:8.0.0.18997:::::::*
	cpe:2.3:a:vmware:workstation:8.0.1:::::::*
	cpe:2.3:a:vmware:workstation:8.0.1.27038:::::::*
	cpe:2.3:a:vmware:workstation:8.0.2:::::::*
	cpe:2.3:a:vmware:workstation:8.0.3:::::::*
	cpe:2.3:a:vmware:workstation:8.0.4:::::::*
	cpe:2.3:a:vmware:workstation:8.0.5:::::::*
	cpe:2.3:a:vmware:workstation:8.0.6:::::::*
	cpe:2.3:a:vmware:workstation:9.0:::::::*
	cpe:2.3:a:vmware:workstation:9.0.1:::::::*
	cpe:2.3:a:vmware:workstation:9.0.2:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:vmware:player:4.0:::::::*
	cpe:2.3:a:vmware:player:4.0.0.18997:::::::*
	cpe:2.3:a:vmware:player:4.0.1:::::::*
	cpe:2.3:a:vmware:player:4.0.2:::::::*
	cpe:2.3:a:vmware:player:4.0.3:::::::*
	cpe:2.3:a:vmware:player:4.0.4:::::::*
	cpe:2.3:a:vmware:player:4.0.5:::::::*
	cpe:2.3:a:vmware:player:4.0.6:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:vmware:player:5.0:::::::*
	cpe:2.3:a:vmware:player:5.0.1:::::::*
	cpe:2.3:a:vmware:player:5.0.2:::::::*

References

Link	Resource
http://blog.cmpxchg8b.com/2013/08/security-debianisms.html
http://www.vmware.com/security/advisories/VMSA-2013-0010.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:14:48

Updated: 2022-10-03T16:14:48

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-1662

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-08-24T01:55:04.017

Modified: 2013-08-26T15:14:23.963

Link: CVE-2013-1662

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:14:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2013-0010.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.cmpxchg8b.com/2013/08/security-debianisms.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1662", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.vmware.com/security/advisories/VMSA-2013-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2013-0010.html"}, {"name": "http://blog.cmpxchg8b.com/2013/08/security-debianisms.html", "refsource": "MISC", "url": "http://blog.cmpxchg8b.com/2013/08/security-debianisms.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1662", "datePublished": "2022-10-03T16:14:48", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:14:48", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCE22BB0-F375-4883-BF6C-5A6369694EF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*", "matchCriteriaId": "01483038-BC89-44BA-B07B-362FC5D7E8C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD913295-9302-425A-A9E1-B0DF76AD3069", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*", "matchCriteriaId": "B671AC17-7064-4541-ADB3-FCD72109C766", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51B6CAE2-A396-40C8-8FF0-D9EC64D5C9A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "21644868-F1B0-4A8E-BE73-4F42BEB8E834", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4944D9B1-A48B-4F32-951E-BEC3FEAC45FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0E57BCAA-86E0-4AE1-B30E-1F928CE9E289", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "29CBDF44-B9F6-402D-A34C-7B5B16367F8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B439F706-27F8-4238-9396-B460EB78B6DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B87CF2A3-422B-4B5C-9E90-382FF6373F38", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6BF4A5B6-C3E5-47B4-BC9E-14F544E3393E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "535E3D3C-76A5-405A-8F9D-21A86ED31D07", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:4.0.0.18997:*:*:*:*:*:*:*", "matchCriteriaId": "81AFBBE6-0B3B-44DB-BBEB-08C8B2C39038", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D09D7FB-78EE-4168-996D-FD3CF2E187BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "816F1646-A1C9-4E4A-BCE1-A34D00B51ABE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6D5FD2D7-9928-437B-8988-4FC955DE4F84", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C2932689-76D4-4907-9CF9-AD8F6B801579", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "D7EE4D64-35A5-46B5-907B-C4ADA14E1288", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4504C4BD-ED32-445C-9957-2BC3ABB29EDC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:player:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "364FBB12-E292-47BB-8D26-CED34232A135", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DEBF8C7B-7034-47B4-B84A-6987EB7B4DC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "277B926D-C575-4526-9F0C-A1D6EAF2AA2D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function."}, {"lang": "es", "value": "vmware-mount en VMware Workstation v8.x y v9.x y VMware Player v4.x y v5.x, en sistemas basados en Debian GNU/Linux, permite a los usuarios del sistema operativo de host para obtener privilegios del sistema operativo de host manipulando la ruta del directorio del ejecutable lsb_release, relacionado con el uso de la librer\u00eda de funciones popen."}], "evaluatorComment": "Per: http://www.vmware.com/security/advisories/VMSA-2013-0010.html\n\n\"The issue is present when Workstation or Player are installed on a Debian-based version of Linux.\"", "id": "CVE-2013-1662", "lastModified": "2013-08-26T15:14:23.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-24T01:55:04.017", "references": [{"source": "cve@mitre.org", "url": "http://blog.cmpxchg8b.com/2013/08/security-debianisms.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2013-0010.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}