CVE-2010-4296

vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.vmware.com/pipermail/security-announce/2010/000112.html	Mailing List Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0018.html	Vendor Advisory
http://secunia.com/advisories/42482	Broken Link Vendor Advisory
http://www.securitytracker.com/id?1024820	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2010/3116	Broken Link Third Party Advisory
http://secunia.com/advisories/42453	Broken Link Vendor Advisory
http://www.securitytracker.com/id?1024819	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/45168	Broken Link Third Party Advisory VDB Entry
http://osvdb.org/69584	Broken Link
http://www.securityfocus.com/archive/1/514995/100/0/threaded	Broken Link Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:vmware:workstation:7.0:::::::*
	cpe:2.3:a:vmware:workstation:7.0.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1.1:::::::*
	cpe:2.3:a:vmware:workstation:7.1.2:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:vmware:player:3.1.2:::::::*
	cpe:2.3:a:vmware:player:3.1:::::::*
	cpe:2.3:a:vmware:player:3.1.1:::::::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:vmware:fusion:3.1.2:::::::*
	cpe:2.3:a:vmware:fusion:3.1:::::::*
	cpe:2.3:a:vmware:fusion:3.1.1:::::::*

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

Information

Published : 2010-12-06 13:05

Updated : 2022-12-14 08:45

NVD link : CVE-2010-4296

Mitre link : CVE-2010-4296

JSON object : View

CWE

CWE-863

Incorrect Authorization

Products Affected

vmware

workstation
player
fusion
server

linux

linux_kernel

apple

mac_os_x

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.vmware.com/pipermail/security-announce/2010/000112.html", "name": "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html", "name": "http://www.vmware.com/security/advisories/VMSA-2010-0018.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/42482", "name": "42482", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1024820", "name": "1024820", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2010/3116", "name": "ADV-2010-3116", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/42453", "name": "42453", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1024819", "name": "1024819", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/45168", "name": "45168", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://osvdb.org/69584", "name": "69584", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/archive/1/514995/100/0/threaded", "name": "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-863"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-4296", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-12-06T21:05Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-12-14T16:45Z"}

7.2 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2010-4296

7.2^/10

Attach tags to `CVE-2010-4296`