VMware Workstation/Fusion RPC NULL Pointer Dereference Lets Local Users on a Guest System Cause Denial of Service Conditions on the Guest System
|
SecurityTracker Alert ID: 1039368 |
SecurityTracker URL: http://securitytracker.com/id/1039368
|
CVE Reference:
CVE-2017-4925
(Links to External Site)
|
Date: Sep 15 2017
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Workstation 12.x; Fusion 8.x
|
Description:
A vulnerability was reported in VMware Workstation/Fusion. A local user on the guest system can cause denial of service conditions on the guest system.
A local user on the guest system can issue a specially crafted RPC request to trigger a null pointer dereference and cause the guest system to crash.
Zhang Haitao reported this vulnerability.
|
Impact:
A local user on the guest system can the guest system to crash.
|
Solution:
The vendor has issued a fix (Workstation 12.5.3; Fusion 8.5.4).
The vendor advisory is available at:
https://www.vmware.com/security/advisories/VMSA-2017-0015.html
|
Vendor URL: www.vmware.com/security/advisories/VMSA-2017-0015.html (Links to External Site)
|
Cause:
Access control error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|