CVE-2013-1662

VMware - Setuid VMware-mount Unsafe popen

Severity Score: 7.8 (CVSS v3)
Public Exploits: 3 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.

vmware-mount in VMware Workstation v8.x and v9.x and VMware Player v4.x and v5.x, on systems based on Debian GNU/Linux, allows host operating system users to gain host operating system privileges by manipulating the directory path of the lsb_release executable, related to use of the popen function library.

VMware Workstation (up to and including 9.0.2 build-1031769) and Player have a setuid executable called vmware-mount that invokes lsb_release in the PATH with popen(3). Since PATH is user-controlled, and the default system shell on Debian-derived distributions does not drop privileges, we can put an arbitrary payload in an executable called lsb_release and have vmware-mount happily execute it as root for us.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Local
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2013-02-12 CVE Reserved
  • 2013-08-22 First Exploit
  • 2013-08-23 CVE Published
  • 2024-09-17 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor  Product      Version      Other  Status
Vmware  Workstation  8.0          -      Affected
Vmware  Workstation  8.0.0.18997  -      Affected
Vmware  Workstation  8.0.1        -      Affected
Vmware  Workstation  8.0.1.27038  -      Affected
Vmware  Workstation  8.0.2        -      Affected
Vmware  Workstation  8.0.3        -      Affected
Vmware  Workstation  8.0.4        -      Affected
Vmware  Workstation  8.0.5        -      Affected
Vmware  Workstation  8.0.6        -      Affected
Vmware  Workstation  9.0          -      Affected
Vmware  Workstation  9.0.1        -      Affected
Vmware  Workstation  9.0.2        -      Affected
Vmware  Player       4.0          -      Affected
Vmware  Player       4.0.0.18997  -      Affected
Vmware  Player       4.0.1        -      Affected
Vmware  Player       4.0.2        -      Affected
Vmware  Player       4.0.3        -      Affected
Vmware  Player       4.0.4        -      Affected
Vmware  Player       4.0.5        -      Affected
Vmware  Player       4.0.6        -      Affected
Vmware  Player       5.0          -      Affected
Vmware  Player       5.0.1        -      Affected
Vmware  Player       5.0.2        -      Affected