SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   VMware Vendors:   VMware, Inc.
VMware Workstation and Player USB Service Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1023834
SecurityTracker URL:  http://securitytracker.com/id/1023834
CVE Reference:   CVE-2010-1140   (Links to External Site)
Date:  Apr 9 2010
Impact:   Execution of arbitrary code via local system, Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation 7.0, Player 3.0
Description:   A vulnerability was reported in VMware Workstation and Player. A local user can obtain elevated privileges on the target system.

A physically local user with access to a USB port can place a specially crafted executable on the target system to execute arbitrary code on the target guest operating system with elevated privileges.

Windows-based VMware Workstation and Player versions are affected.

Thierry Zoller reported this vulnerability.

Impact:   A physically local user may be able to obtain elevated privileges on the target guest operating system.
Solution:   The vendor has issued a fix (Workstation 7.0.1 build 227600, Player 3.0.1 build 227600).

The vendor's advisory will be available at:

http://www.vmware.com/security/advisories/

Vendor URL:  www.vmware.com/security/advisories/ (Links to External Site)
Cause:   Not specified
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Fri, 09 Apr 2010 16:01:36 +0000
Subject:  VMware


 c. Windows-based VMware Workstation and Player host privilege
    escalation

    A vulnerability in the USB service allows for a privilege
    escalation. A local attacker on the host of a Windows-based
    Operating System where VMware Workstation or VMware Player
    is installed could plant a malicious executable on the host and
    elevate their privileges.

    In order for an attacker to exploit the vulnerability, the attacker
    would need to be able to plant their malicious executable in a
    certain location on the host machine.  On most recent versions of
    Windows (XP, Vista) the attacker would need to have administrator
    privileges to plant the malicious executable in the right location.

    VMware would like to thank Thierry Zoller for reporting this issue
    to us.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-1140 to this issue.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    Workstation    7.0       Windows  7.0.1 build 227600 or later
    Workstation    7.0       Linux    not affected
    Workstation    6.5.x     any      not affected

    Player         3.0       Windows  3.0.1 build 227600 or later
    Player         3.0       Linux    not affected
    Player         2.5.x     any      not affected

    Ace            any       any      not affected

    Server         2.x       any      not affected

    Fusion         any       Mac OS/X not affected

    ESXi           any       ESXi     not affected

    ESX            any       ESX      not affected


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC