CVE-2010-4296

vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.
References
Link Resource
http://lists.vmware.com/pipermail/security-announce/2010/000112.html Mailing List Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0018.html Vendor Advisory
http://secunia.com/advisories/42482 Broken Link Vendor Advisory
http://www.securitytracker.com/id?1024820 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2010/3116 Broken Link Third Party Advisory
http://secunia.com/advisories/42453 Broken Link Vendor Advisory
http://www.securitytracker.com/id?1024819 Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/45168 Broken Link Third Party Advisory VDB Entry
http://osvdb.org/69584 Broken Link
http://www.securityfocus.com/archive/1/514995/100/0/threaded Broken Link Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

Information

Published : 2010-12-06 13:05

Updated : 2022-12-14 08:45


NVD link : CVE-2010-4296

Mitre link : CVE-2010-4296


JSON object : View

CWE
CWE-863

Incorrect Authorization

Advertisement

dedicated server usa

Products Affected

vmware

  • workstation
  • player
  • fusion
  • server

linux

  • linux_kernel

apple

  • mac_os_x