Summary
The host is installed with VMWare product(s) which are vulnerable to multiple vulnerabilities.
Impact
Successful exploitation allows attackers to gain privileges on the guest OS.
Impact Level: Application
Solution
Apply the patch or upgrade to player 3.1.4 or later, http://www.vmware.com/products/player/
http://downloads.vmware.com/d/info/desktop_downloads/vmware_player/3_0
Apply the patch or upgrade to VMware Workstation 7.1.4 or later, http://downloads.vmware.com/d/info/desktop_downloads/vmware_workstation/7_0
Apply the patch for VMware ESX,
http://kb.vmware.com/kb/1035110
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-275-20110420-062017/ESX410-201104001.z
*****
NOTE: Ignore this warning if above mentioned patch is already applied.
*****
Insight
Multiple flaws are due to,
- An information disclosure vulnerability in 'Mount.vmhgfs', allows guest OS users to determine the existence of host OS files and directories via unspecified vectors.
- A race condition privilege escalation in 'Mount.vmhgfs' via a race condition, that allows guest OS users to gain privileges on the guest OS by mounting a file system on top of an arbitrary directory.
Affected
VMware ESX 3.0.3 to 4.1
VMware Player 3.1.x before 3.1.4
VMware Workstation 7.1.x before 7.1.4 on Linux.
References
Severity
Classification
-
CVE CVE-2011-1787, CVE-2011-2146 -
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Mac OS X)
- Adobe Reader Unspecified Vulnerability (Windows)
- Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)
- Apache Tomcat XML External Entity Information Disclosure Vulnerability