CVE-2010-4295

Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.
References
Link Resource
http://lists.vmware.com/pipermail/security-announce/2010/000112.html Mailing List Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0018.html Vendor Advisory
http://secunia.com/advisories/42453 Broken Link Vendor Advisory
http://www.securitytracker.com/id?1024820 Broken Link Third Party Advisory VDB Entry
http://osvdb.org/69585 Broken Link
http://www.vupen.com/english/advisories/2010/3116 Broken Link Vendor Advisory
http://secunia.com/advisories/42482 Broken Link Vendor Advisory
http://www.securitytracker.com/id?1024819 Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/45167 Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/514995/100/0/threaded Broken Link Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

Information

Published : 2010-12-06 13:05

Updated : 2022-12-14 08:51


NVD link : CVE-2010-4295

Mitre link : CVE-2010-4295


JSON object : View

CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Advertisement

dedicated server usa

Products Affected

vmware

  • workstation
  • player
  • fusion
  • server

linux

  • linux_kernel

apple

  • mac_os_x