Check: 2010-A-0168
Windows 7 IAVM:
2010-A-0168
(in version v1 r32)
Title
Multiple Vulnerabilities in VMware Products (Cat II impact)
Discussion
VMware has released a security advisory addressing multiple vulnerabilities in various VMware products. VMware products provide enterprise-level virtualization. To exploit these vulnerabilities, an attacker would utilize various TTPs (Tactics, Techniques and Procedures). If successfully exploited, these vulnerabilities would allow an attacker to execute arbitrary code or elevate privileges from a host OS. At this time, there are no known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD-related incidents.

VMware VMnc Codec frame decompression Remote Code Execution Vulnerability - (CVE-2010-4294): A function in the decoder frame decompression routine implicitly trusts a size value. An attacker can utilize this to miscalculate a destination pointer, leading to the corruption of a heap buffer, and could allow for execution of arbitrary code with the privileges of the user running an application utilizing the vulnerable codec. For an attack to be successful, the user must be tricked into visiting a malicious web page or opening a malicious video file on a system that has the vulnerable version of the VMnc codec installed.

VMware Workstation, Player and Fusion vmware-mount Race Condition Vulnerability - (CVE-2010-4295): Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files. Note: VMware Workstation and Player running on Microsoft Windows are not affected.

VMware Workstation, Player and Fusion vmware-mount Privilege Escalation Vulnerability - (CVE-2010-4296): vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files. Note: VMware Workstation and Player running on Microsoft Windows are not affected.

VMware Tools Command Injection Vulnerability - (CVE-2010-4297): The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. Note: The issue can only be exploited if VMware Tools is not fully up-to-date. Windows-based virtual machines are not affected.
Check Content
Windows - See the IAVM notice and vendor bulletin for additional information.

Vulnerable Applications/Systems:

- VMware Workstation 7.1.1 and earlier
- VMware Workstation 6.5.4 and earlier
- VMware Player 3.1.1 and earlier
- VMware Player 2.5.4 and earlier

View the About “Product” item from the menu to see the version and build numbers. Alternately, check the version through the Support information link for the program in Add or Remove Programs or in Programs and Features (Vista and later). To expose the version column in Programs and Features, right-click somewhere in the column headers, select More, and select Version.
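The same version check can be scripted against the registry keys that back Programs and Features. The following is an added example, not part of the IAVM notice or the vendor bulletin; the function name `Test-VMwareIavmVersion` is hypothetical, and the script assumes the products register with the exact display names "VMware Workstation" and "VMware Player".

```powershell
# Added example. Highest vulnerable release per branch, taken from the
# "Vulnerable Applications/Systems" list in the Check Content.
# Assumption: the installers register under exactly these DisplayName values.
$Ceilings = @{
    'VMware Workstation' = @('6.5.4', '7.1.1')
    'VMware Player'      = @('2.5.4', '3.1.1')
}

function Test-VMwareIavmVersion {
    param([string]$Product, [string]$DisplayVersion)
    # Keep only major.minor.patch so a trailing build field (7.1.1.nnnnnn)
    # does not make a vulnerable release compare as newer than 7.1.1.
    if ($DisplayVersion -notmatch '^(\d+)\.(\d+)(?:\.(\d+))?') { return $null }
    $v = [version]('{0}.{1}.{2}' -f [int]$Matches[1], [int]$Matches[2], [int]$Matches[3])
    $list = @($Ceilings[$Product] | ForEach-Object { [version]$_ } | Sort-Object)
    foreach ($c in $list) {
        # Branch-aware comparison: 6.5.5 is a fixed release even though it is
        # numerically below the 7.x ceiling. Anything older than the lowest
        # branch falls under "and earlier".
        $inBranch = ($v.Major -eq $c.Major) -or ($c -eq $list[0])
        if ($inBranch -and $v -le $c) { return $true }
    }
    return $false
}

# Same data source as Programs and Features, 32-bit and 64-bit views.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $Ceilings.ContainsKey($_.DisplayName) } |
    ForEach-Object {
        $result = Test-VMwareIavmVersion $_.DisplayName $_.DisplayVersion
        $status = if ($null -eq $result) { 'Review manually' }
                  elseif ($result)       { 'Open (vulnerable version)' }
                  else                   { 'Not a finding' }
        New-Object PSObject -Property @{
            Product = $_.DisplayName
            Version = $_.DisplayVersion
            Status  = $status
        }
    }
```

No output means neither product was found under those display names; confirm with the About dialog before closing the check.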
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-25835
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |