VMware Workstation 'vmrun' Library Path Privilege Escalation Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with VMWare Workstation local privilege escalation vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary code with elevated privileges, which may aid in other attacks. Impact Level: System/Application

Solution

Apply the patch or upgrade workstation 7.1.4 build 385536 For updates refer to http://www.vmware.com/products/ws/ ***** NOTE: Ignore this warning, if above mentioned workaround is manually applied. *****

Insight

The flaw is caused by an error in the 'vmrun' utility when handling library paths, which could be exploited to execute arbitrary code by tricking a user into running a vulnerable utility in a directory containing a specially crafted file.

Affected

VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux.

References

http://packetstormsecurity.org/files/tags/advisory
http://secunia.com/advisories/43885
http://securitytracker.com/id?1025270
http://www.vmware.com/security/advisories/VMSA-2011-0006.html
http://www.vupen.com/english/advisories/2011/0816

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1126
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
Adobe Flash Media Server Video Stream Capture Security Issue
Adobe Reader Multiple Vulnerabilities - Aug07 (Mac OS X)
Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)

Take action and discover your vulnerabilities