Vulnerability Description
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Workstation | 7.0 |
| Linux | Linux Kernel | - |
| Vmware | Player | 3.1 |
| Vmware | Server | 2.0.2 |
| Vmware | Fusion | 3.1 |
| Apple | Mac Os X | - |
Related Weaknesses (CWE)
References
- http://lists.vmware.com/pipermail/security-announce/2010/000112.htmlMailing ListVendor Advisory
- http://osvdb.org/69584Broken Link
- http://secunia.com/advisories/42453Broken LinkVendor Advisory
- http://secunia.com/advisories/42482Broken LinkVendor Advisory
- http://www.securityfocus.com/archive/1/514995/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/45168Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1024819Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1024820Broken LinkThird Party AdvisoryVDB Entry
- http://www.vmware.com/security/advisories/VMSA-2010-0018.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2010/3116Broken LinkThird Party Advisory
- http://lists.vmware.com/pipermail/security-announce/2010/000112.htmlMailing ListVendor Advisory
- http://osvdb.org/69584Broken Link
- http://secunia.com/advisories/42453Broken LinkVendor Advisory
- http://secunia.com/advisories/42482Broken LinkVendor Advisory
- http://www.securityfocus.com/archive/1/514995/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
FAQ
What is CVE-2010-4296?
CVE-2010-4296 is a vulnerability with a CVSS score of 7.2 (HIGH). vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 bu...
How severe is CVE-2010-4296?
CVE-2010-4296 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4296?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Workstation, Linux Linux Kernel, Vmware Player, Vmware Server, Vmware Fusion.