VMware Open Virtual Machine Tools File Corruption Vulnerability Network Vulnerability

Summary

This host is installed with VMware Open Virtual Machine Tools and is prone to file corruption vulnerability.

Impact

Successful exploitation will allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value.

Solution

Upgrade to version 2011.05.27 or later, For updates refer to http://sourceforge.net/projects/open-vm-tools/files/open-vm-tools

Insight

The flaw is due to an error in 'vmware-hgfsmounter', which attempts to append to the '/etc/mtab' file without first checking whether resource limits would interfere.

Affected

VMware Open Virtual Machine Tools version 8.4.2-261024 and prior.

References

http://openwall.com/lists/oss-security/2011/03/04/10
http://openwall.com/lists/oss-security/2011/03/05/7
http://openwall.com/lists/oss-security/2011/03/22/6
http://openwall.com/lists/oss-security/2011/03/31/4

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1681
CVSS Base Score: 3.3
AV:L/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Gale Version Detection
FTPShell Server Version Detection
Gather hardware info
Check SSL Weak Ciphers and Supported Ciphers
DNS AXFR

Take action and discover your vulnerabilities