VMware Products Multiple Vulnerabilities (VMSA-2011-0009)

High Nessus Plugin ID 54996


The remote host has a virtualization application affected by multiple vulnerabilities.


A VMware product (Player or Workstation) detected on the remote host has multiple vulnerabilities in the Host Guest File System :

- An attacker with access to a Guest operating system can determine if a path exists in the Host filesystem and whether it's a file or a directory regardless of permissions. (CVE-2011-2146)

- A race condition in mount.vmhgfs may allow an attacker with access to a Guest to mount on arbitrary directories in the Guest filesystem and escalate their privileges if they can control the contents of the mounted directory.

- A procedural error allows an attacker with access to a Solaris or FreeBSD Guest operating system to gain write access to an arbitrary file in the Guest filesystem.

These vulnerabilities only affect non-Windows guest operating systems.


Upgrade to :

- VMware Workstation 7.1.4 or later.
- VMware Player 3.1.4 or later.

In addition to patching, VMware Tools must be updated on all non- Windows guest VMs in order to completely mitigate certain vulnerabilities. Refer to the VMware advisory for more information.

See Also



Plugin Details

Severity: High

ID: 54996

File Name: vmware_multiple_vmsa_2011_0009.nasl

Version: $Revision: 1.8 $

Type: local

Agent: windows

Family: Windows

Published: 2011/06/08

Modified: 2016/08/16

Dependencies: 26201, 31728

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:workstation, cpe:/a:vmware:player

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/06/02

Vulnerability Publication Date: 2011/06/02

Reference Information

CVE: CVE-2011-1787, CVE-2011-2145, CVE-2011-2146

BID: 48098

OSVDB: 73240, 73241, 73242

VMSA: 2011-0009

IAVA: 2011-A-0075