The host is installed with VMWare products multiple local privilege escalation Vulnerabilities.

Successful exploitation will allow attacker to execute arbitrary code with elevated privileges, this may aid in other attacks. Impact Level: System/Application

Upgrade workstation 7.1.2 build 301548 http://www.vmware.com/products/ws/ Upgrade to Player 3.1.2 build 301548 http://www.vmware.com/products/player/ For VMware Server version 2.x, No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

The flaws are due to - Race conditions within the 'vmware-mount' utility when handling temporary files during the mounting process can be exploited to create files or directories. - An error within the 'vmware-mount' utility when loading libraries that can be exploited to execute arbitrary code with root privileges.

VMware Server version 2.x VMware Player 3.x before 3.1.2 build 301548 VMware Workstation 7.x before 7.1.2 build 301548 on Linux

• http://lists.vmware.com/pipermail/security-announce/2010/000112.html
• http://secunia.com/advisories/42453/
• http://www.vmware.com/security/advisories/VMSA-2010-0018.html

---

Updated on 2015-03-25