VMware Products Multiple Vulnerabilities (VMSA-2011-0009)

high Nessus Plugin ID 54996

Synopsis

The remote host has a virtualization application affected by multiple vulnerabilities.

Description

A VMware product (Player or Workstation) detected on the remote host has multiple vulnerabilities in the Host Guest File System :

- An attacker with access to a Guest operating system can determine if a path exists in the Host filesystem and whether it's a file or a directory regardless of permissions. (CVE-2011-2146)

- A race condition in mount.vmhgfs may allow an attacker with access to a Guest to mount on arbitrary directories in the Guest filesystem and escalate their privileges if they can control the contents of the mounted directory.
(CVE-2011-1787)

- A procedural error allows an attacker with access to a Solaris or FreeBSD Guest operating system to gain write access to an arbitrary file in the Guest filesystem.
(CVE-2011-2145)

These vulnerabilities only affect non-Windows guest operating systems.

Solution

Upgrade to :

- VMware Workstation 7.1.4 or later.
- VMware Player 3.1.4 or later.

In addition to patching, VMware Tools must be updated on all non- Windows guest VMs in order to completely mitigate certain vulnerabilities. Refer to the VMware advisory for more information.

See Also

http://www.vmware.com/security/advisories/VMSA-2011-0009.html

http://lists.vmware.com/pipermail/security-announce/2011/000141.html

Plugin Details

Severity: High

ID: 54996

File Name: vmware_multiple_vmsa_2011_0009.nasl

Version: 1.11

Type: local

Agent: windows

Family: Windows

Published: 6/8/2011

Updated: 3/27/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-1787

Vulnerability Information

CPE: cpe:/a:vmware:workstation, cpe:/a:vmware:player

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 6/2/2011

Vulnerability Publication Date: 6/2/2011

Reference Information

CVE: CVE-2011-1787, CVE-2011-2145, CVE-2011-2146

BID: 48098

VMSA: 2011-0009