VMware Products Multiple Vulnerabilities (VMSA-2010-0018)
High Nessus Plugin ID 51057
SynopsisThe remote host has a virtualization application affected by multiple vulnerabilities.
DescriptionA VMware product (Player, Workstation, Server, or Movie Decoder) detected on the remote host has one or more of the following vulnerabilities :
- A vulnerability in VMware Tools update could allow arbitrary code execution on non-Windows based guest operating systems with root privileges. (CVE-2010-4297)
- A vulnerability in VMware VMnc Codec could allow arbitrary code execution subject to the privileges of the user running the application using the vulnerable codec. (CVE-2010-4294)
In addition to patching, VMware Tools must be manually updated on all guest VMs in order to completely mitigate certain vulnerabilities. Refer to the VMware advisory for more information.
SolutionUpgrade to :
- VMware Workstation 6.5.5 / 7.1.2 or later.
- VMware Player 2.5.5 / 3.1.2 or later.
- VMware Movie Decoder (standalone) 6.5.5/7.1.2 or later.