4 results (0.010 seconds)

CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 1

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive. vm-support 0.88 en VMware Tools, distribuido con VMware Workstation hasta 10.0.3 y otros productos, utiliza los permisos 0644 para el archivo vm-support, lo que permite a usuarios locales obtener información sensible mediante la extracción de ficheros de este archivo. vm-support version 0.88 suffers from file overwrite and sensitive information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2014/Aug/71 http://www.securityfocus.com/bid/69410 http://www.securitytracker.com/id/1030758 https://exchange.xforce.ibmcloud.com/vulnerabilities/95494 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 1

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. vm-support 0.88 en VMware Tools, distribuido con VMware Workstation hasta 10.0.3 y otros productos, permite a usuarios locales escribir a ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero en /tmp. vm-support version 0.88 suffers from file overwrite and sensitive information disclosure vulnerabilities. • http://seclists.org/fulldisclosure/2014/Aug/71 http://www.osvdb.org/110458 http://www.securitytracker.com/id/1030758 https://exchange.xforce.ibmcloud.com/vulnerabilities/95493 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.9EPSS: 0%CPEs: 23EXPL: 2

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. vmware-mount en VMware Workstation v8.x y v9.x y VMware Player v4.x y v5.x, en sistemas basados en Debian GNU/Linux, permite a los usuarios del sistema operativo de host para obtener privilegios del sistema operativo de host manipulando la ruta del directorio del ejecutable lsb_release, relacionado con el uso de la librería de funciones popen. VMWare Workstation (up to and including 9.0.2 build-1031769) and Player have a setuid executable called vmware-mount that invokes lsb_release in the PATH with popen(3). Since PATH is user-controlled, and the default system shell on Debian-derived distributions does not drop privs, we can put an arbitrary payload in an executable called lsb_release and have vmware-mount happily execute it as root for us. • https://www.exploit-db.com/exploits/27938 https://www.exploit-db.com/exploits/40169 http://blog.cmpxchg8b.com/2013/08/security-debianisms.html http://www.vmware.com/security/advisories/VMSA-2013-0010.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 41EXPL: 1

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors. La implementación en vmci.sys en el Virtual Machine Communication Interface (VMCI) en VMware Workstation v8.x anterior a v8.0.5 y v9.x anterior a v9.0.1 para Windows, VMware Fusion v4.1 anterior a v4.1.4 y 5.0 anterior a v5.0.2, VMware View v4.x anterior a v4.6.2 y v5.x anterior a v5.1.2 para Windows, VMware ESXi v4.0 a la v5.1, y VMware ESX v4.0 y v4.1, no restringe adecuadamente la asignación de memoria por control código, lo que permite a usuarios locales elevar sus privilegios a través de vectores no especificados. • https://www.exploit-db.com/exploits/40164 http://www.vmware.com/security/advisories/VMSA-2013-0002.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17164 • CWE-20: Improper Input Validation •