CVE-2010-4295

Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.vmware.com/pipermail/security-announce/2010/000112.html	Mailing List Vendor Advisory
http://osvdb.org/69585	Broken Link
http://secunia.com/advisories/42453	Broken Link Vendor Advisory
http://secunia.com/advisories/42482	Broken Link Vendor Advisory
http://www.securityfocus.com/archive/1/514995/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/45167	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024819	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024820	Broken Link Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2010-0018.html	Vendor Advisory
http://www.vupen.com/english/advisories/2010/3116	Broken Link Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:vmware:workstation:7.0:::::::*
	cpe:2.3:a:vmware:workstation:7.0.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1.2:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:vmware:player:3.1:::::::*
	cpe:2.3:a:vmware:player:3.1.1:::::::*
	cpe:2.3:a:vmware:player:3.1.2:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:vmware:fusion:3.1:::::::*
	cpe:2.3:a:vmware:fusion:3.1.1:::::::*
	cpe:2.3:a:vmware:fusion:3.1.2:::::::*

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

History

14 Dec 2022, 16:51

Type	Values Removed	Values Added
References	~~(BUGTRAQ) http://www.securityfocus.com/archive/1/514995/100/0/threaded -~~	(BUGTRAQ) http://www.securityfocus.com/archive/1/514995/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References	~~(OSVDB) http://osvdb.org/69585 -~~	(OSVDB) http://osvdb.org/69585 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/42453 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/42453 - Broken Link, Vendor Advisory
References	~~(SECUNIA) http://secunia.com/advisories/42482 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/42482 - Broken Link, Vendor Advisory
References	~~(BID) http://www.securityfocus.com/bid/45167 -~~	(BID) http://www.securityfocus.com/bid/45167 - Broken Link, Third Party Advisory, VDB Entry
References	~~(VUPEN) http://www.vupen.com/english/advisories/2010/3116 - Vendor Advisory~~	(VUPEN) http://www.vupen.com/english/advisories/2010/3116 - Broken Link, Vendor Advisory
References	~~(SECTRACK) http://www.securitytracker.com/id?1024820 -~~	(SECTRACK) http://www.securitytracker.com/id?1024820 - Broken Link, Third Party Advisory, VDB Entry
References	~~(SECTRACK) http://www.securitytracker.com/id?1024819 -~~	(SECTRACK) http://www.securitytracker.com/id?1024819 - Broken Link, Third Party Advisory, VDB Entry
References	~~(MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000112.html -~~	(MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000112.html - Mailing List, Vendor Advisory
First Time		Apple mac Os X Apple
CPE	cpe:2.3:o:linux:linux_kernel::::::::	cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:apple:mac_os_x:-:::::::*

Information

Published : 2010-12-06 21:05

Updated : 2023-12-10 11:03

NVD link : CVE-2010-4295

Mitre link : CVE-2010-4295

CVE.ORG link : CVE-2010-4295

JSON object : View

Products Affected

vmware

fusion
player
server
workstation

linux

linux_kernel

apple

mac_os_x

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

6.9 /10

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2010-4295

6.9^/10

Attach tags to `CVE-2010-4295`