Vulnerability Description
Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Workstation | 7.0 |
| Linux | Linux Kernel | - |
| Vmware | Player | 3.1 |
| Vmware | Server | 2.0.2 |
| Vmware | Fusion | 3.1 |
| Apple | Mac Os X | - |
Related Weaknesses (CWE)
References
- http://lists.vmware.com/pipermail/security-announce/2010/000112.htmlMailing ListVendor Advisory
- http://osvdb.org/69585Broken Link
- http://secunia.com/advisories/42453Broken LinkVendor Advisory
- http://secunia.com/advisories/42482Broken LinkVendor Advisory
- http://www.securityfocus.com/archive/1/514995/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/45167Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1024819Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1024820Broken LinkThird Party AdvisoryVDB Entry
- http://www.vmware.com/security/advisories/VMSA-2010-0018.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2010/3116Broken LinkVendor Advisory
- http://lists.vmware.com/pipermail/security-announce/2010/000112.htmlMailing ListVendor Advisory
- http://osvdb.org/69585Broken Link
- http://secunia.com/advisories/42453Broken LinkVendor Advisory
- http://secunia.com/advisories/42482Broken LinkVendor Advisory
- http://www.securityfocus.com/archive/1/514995/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
FAQ
What is CVE-2010-4295?
CVE-2010-4295 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linu...
How severe is CVE-2010-4295?
CVE-2010-4295 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4295?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Workstation, Linux Linux Kernel, Vmware Player, Vmware Server, Vmware Fusion.