SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware Vendors:   VMware
VMware Workstation/Player Access Control Flaw Lets Local Users Gain Elevated Privileges on the Host System
SecurityTracker Alert ID:  1032823
SecurityTracker URL:  http://securitytracker.com/id/1032823
CVE Reference:   CVE-2015-3650   (Links to External Site)
Date:  Jul 10 2015
Impact:   Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation for Windows 10.x prior to 10.0.7, 11.x prior to 11.1.1; Player for Windows 6.x prior to 6.0.7, 7.x prior to 7.1.1
Description:   A vulnerability was reported in VMware Workstation and Player. A local user can gain elevated privileges on the host system.

The system does not set a discretionary access control list (DACL) on a particular process. A local user can execute code in the security context of the target process and gain elevated privileges on the host system.

Kyriakos Economou of Nettitude reported this vulnerability.

Impact:   A local user can gain elevated privileges on the host system.
Solution:   The vendor has issued a fix (Workstation 10.0.7, 11.1.1; Player 6.0.7, 7.1.1).

The vendor's advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2015-0005.html

Vendor URL:  www.vmware.com/security/advisories/VMSA-2015-0005.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Security-announce] NEW VMSA-2015-0005 "VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability"

--===============5886142533496722038==
Content-Language: en-US
Content-Type: multipart/signed;
	boundary="Apple-Mail=_765B94AA-7159-4D58-B3DF-3810A716708B";
	protocol="application/pgp-signature"; micalg=pgp-sha1

--Apple-Mail=_765B94AA-7159-4D58-B3DF-3810A716708B
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii

------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2015-0005
Synopsis:    VMware Workstation, Player and Horizon View Client for
             Windows updates address a host privilege escalation
             vulnerability

Issue date:  2015-07-09
Updated on:  2015-07-09
CVE number:  CVE-2015-3650
------------------------------------------------------------------------

1. Summary

   VMware Workstation, Player and Horizon View Client for Windows
   updates address a host privilege escalation vulnerability.

2. Relevant Releases

   VMware Workstation for Windows 11.x prior to version 11.1.1
   VMware Workstation for Windows 10.x prior to version 10.0.7
   VMware Player for Windows 7.x prior to version 7.1.1
   VMware Player for Windows 6.x prior to version 6.0.7
   VMware Horizon Client for Windows (with Local Mode Option) prior to
   version 5.4.2


3. Problem Description

   a. VMware Workstation, Player and Horizon View Client for Windows
      host privilege escalation vulnerability.

      VMware Workstation, Player and Horizon View Client for Windows do
      not set a discretionary access control list (DACL) for one of
      their processes. This may allow a local attacker to elevate their
      privileges and execute code in the security context of the
      affected process.

      VMware would like to thank Kyriakos Economou of Nettitude for
      reporting this issue to us.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2015-3650 to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

      VMware                        Product    Running   Replace with/
      Product                       Version    on        Apply Patch
      =============                 =======    =======   ===============
      VMware Workstation             11.x      Windows   11.1.1
      VMware Workstation             10.x      Windows   10.0.7

      VMware Player                  7.x       Windows   7.1.1
      VMware Player                  6.x       Windows   6.0.7

      VMware Horizon Client for      5.x       Windows   5.4.2
      Windows (with Local Mode Option)

      VMware Horizon Client for      3.x       any       not affected
      Windows



4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   VMware Workstation
   --------------------------------
   https://www.vmware.com/go/downloadworkstation

   VMware Player
   --------------------------------
   https://www.vmware.com/go/downloadplayer

   VMware Horizon Clients
   --------------------------------
   https://www.vmware.com/go/viewclients


5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3650

------------------------------------------------------------------------

6. Change log

   2015-07-09 VMSA-2015-0005
   Initial security advisory.

------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   Consolidated list of VMware Security Advisories
   http://kb.vmware.com/kb/2078735

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2015 VMware Inc.  All rights reserved.

--Apple-Mail=_765B94AA-7159-4D58-B3DF-3810A716708B
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="signature.asc"
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iEYEARECAAYFAlWe7YMACgkQDEcm8Vbi9kPHKgCeMuLIwcFhvcKRP3y/ZA0LNszx
4sMAnRS7Oueg1OGzRV7cnKvHnG3mWkXQ
=rwtw
-----END PGP SIGNATURE-----

--Apple-Mail=_765B94AA-7159-4D58-B3DF-3810A716708B--

--===============5886142533496722038==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/mailman/listinfo/security-announce

--===============5886142533496722038==--
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC