CVE-2010-4296

vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.vmware.com/pipermail/security-announce/2010/000112.html	Mailing List Vendor Advisory
http://osvdb.org/69584	Broken Link
http://secunia.com/advisories/42453	Broken Link Vendor Advisory
http://secunia.com/advisories/42482	Broken Link Vendor Advisory
http://www.securityfocus.com/archive/1/514995/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/45168	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024819	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024820	Broken Link Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2010-0018.html	Vendor Advisory
http://www.vupen.com/english/advisories/2010/3116	Broken Link Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:vmware:workstation:7.0:::::::*
	cpe:2.3:a:vmware:workstation:7.0.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1.2:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:vmware:player:3.1:::::::*
	cpe:2.3:a:vmware:player:3.1.1:::::::*
	cpe:2.3:a:vmware:player:3.1.2:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:vmware:fusion:3.1:::::::*
	cpe:2.3:a:vmware:fusion:3.1.1:::::::*
	cpe:2.3:a:vmware:fusion:3.1.2:::::::*

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

History

14 Dec 2022, 16:45

Type	Values Removed	Values Added
CWE	~~CWE-264~~	CWE-863
First Time		Apple mac Os X Apple
CPE	cpe:2.3:o:linux:linux_kernel::::::::	cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:apple:mac_os_x:-:::::::*
References	~~(BUGTRAQ) http://www.securityfocus.com/archive/1/514995/100/0/threaded -~~	(BUGTRAQ) http://www.securityfocus.com/archive/1/514995/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References	~~(SECUNIA) http://secunia.com/advisories/42453 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/42453 - Broken Link, Vendor Advisory
References	~~(SECUNIA) http://secunia.com/advisories/42482 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/42482 - Broken Link, Vendor Advisory
References	~~(OSVDB) http://osvdb.org/69584 -~~	(OSVDB) http://osvdb.org/69584 - Broken Link
References	~~(VUPEN) http://www.vupen.com/english/advisories/2010/3116 - Vendor Advisory~~	(VUPEN) http://www.vupen.com/english/advisories/2010/3116 - Broken Link, Third Party Advisory
References	~~(SECTRACK) http://www.securitytracker.com/id?1024820 -~~	(SECTRACK) http://www.securitytracker.com/id?1024820 - Broken Link, Third Party Advisory, VDB Entry
References	~~(BID) http://www.securityfocus.com/bid/45168 -~~	(BID) http://www.securityfocus.com/bid/45168 - Broken Link, Third Party Advisory, VDB Entry
References	~~(SECTRACK) http://www.securitytracker.com/id?1024819 -~~	(SECTRACK) http://www.securitytracker.com/id?1024819 - Broken Link, Third Party Advisory, VDB Entry
References	~~(MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000112.html -~~	(MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000112.html - Mailing List, Vendor Advisory

Information

Published : 2010-12-06 21:05

Updated : 2023-12-10 11:03

NVD link : CVE-2010-4296

Mitre link : CVE-2010-4296

CVE.ORG link : CVE-2010-4296

JSON object : View

Products Affected

vmware

fusion
workstation
player
server

apple

mac_os_x

linux

linux_kernel

CWE

CWE-863

Incorrect Authorization

7.2 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2010-4296

7.2^/10

Attach tags to `CVE-2010-4296`