cvelistv5 - CVE-2011-2145

CVE-2011-2145 (GCVE-0-2011-2145)

Vulnerability from cvelistv5 – Published: 2011-06-06 19:00 – Updated: 2024-08-06 22:53

Summary

mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/44904	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/48098	vdb-entryx_refsource_BID
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/44840	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1025601	vdb-entryx_refsource_SECTRACK
	https://hermes.opensuse.org/messages/8711677	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:53:17.007Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "44904",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44904"
          },
          {
            "name": "48098",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48098"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
          },
          {
            "name": "vmware-mountvmhgfs-privilege-esc(67815)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67815"
          },
          {
            "name": "44840",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44840"
          },
          {
            "name": "1025601",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025601"
          },
          {
            "name": "openSUSE-SU-2011:0617",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/8711677"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \"procedural error.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "44904",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44904"
        },
        {
          "name": "48098",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48098"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
        },
        {
          "name": "vmware-mountvmhgfs-privilege-esc(67815)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67815"
        },
        {
          "name": "44840",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44840"
        },
        {
          "name": "1025601",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025601"
        },
        {
          "name": "openSUSE-SU-2011:0617",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/8711677"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2145",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \"procedural error.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44904",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44904"
            },
            {
              "name": "48098",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48098"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
            },
            {
              "name": "vmware-mountvmhgfs-privilege-esc(67815)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67815"
            },
            {
              "name": "44840",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44840"
            },
            {
              "name": "1025601",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025601"
            },
            {
              "name": "openSUSE-SU-2011:0617",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/8711677"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2145",
    "datePublished": "2011-06-06T19:00:00",
    "dateReserved": "2011-05-17T00:00:00",
    "dateUpdated": "2024-08-06T22:53:17.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B6F7416-E694-4EC9-9FE5-0C24448ECB34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE5ECA1B-7415-4390-8018-670F2C3CDF35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"889DE9BE-886F-4BEF-A794-5B5DE73D2322\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D3C6FC4-DAE3-42DB-B845-593BBD2A50BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD59C463-F352-4F6C-853F-415E3FB4ABDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BDAA7C8-8F2F-4037-A517-2C1EDB70B203\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73C9E205-87EE-4CE2-A252-DED7BB6D4EAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"051D820C-E5F4-4DA2-8914-5A33FCFF2D1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69FFA61C-2258-4006-AECA-D324F5700990\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50D2840A-5AF2-4AC4-9243-07CE93E9E9B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C158CD97-41BA-4422-9A55-B1A8650A0900\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"477D5F22-7DDD-461D-9CD1-2B2A968F6CB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C174C452-7249-4B26-9F26-DFE9B3476874\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAA72ED8-3229-4220-BE75-712CA6E21062\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13A31E93-7671-492E-A78F-89CF4703B04D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99ADA116-A571-4788-8DF2-09E8A2AF92F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:7.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2818FD22-8BC5-4803-8D62-D7C7C22556F9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9EC02F3-3905-460D-8949-3B26394215CA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05924C67-F9A0-450E-A5B8-059651DD32E3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \\\"procedural error.\\\"\"}, {\"lang\": \"es\", \"value\": \"mount.vmhgfs en el Host Guest File System (HGFS) de VMware en VMware Workstation versiones 7.1.x anteriores a 7.1.4, VMware Player versiones 3.1.x anteriores a 3.1.4, VMware Fusion versiones 3.1.x anteriores a 3.1.3, VMware ESXi versiones 3.5 hasta 4.1, y VMware ESX versiones 3.0.3 hasta 4.1, cuando es utilizado un Sistema Operativo invitado de Solaris o FreeBSD, permite a los usuarios del sistema operativo invitado modificar archivos del sistema operativo invitado arbitrarios por medio  de vectores no especificados, relacionados con un \\\"procedural error\\\".\"}]",
      "id": "CVE-2011-2145",
      "lastModified": "2024-11-21T01:27:41.140",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:N/I:C/A:C\", \"baseScore\": 6.3, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 9.2, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-06-06T19:55:02.833",
      "references": "[{\"url\": \"http://secunia.com/advisories/44840\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/44904\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/48098\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1025601\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2011-0009.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67815\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://hermes.opensuse.org/messages/8711677\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/44840\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/44904\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/48098\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025601\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2011-0009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/67815\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://hermes.opensuse.org/messages/8711677\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-2145\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-06-06T19:55:02.833\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \\\"procedural error.\\\"\"},{\"lang\":\"es\",\"value\":\"mount.vmhgfs en el Host Guest File System (HGFS) de VMware en VMware Workstation versiones 7.1.x anteriores a 7.1.4, VMware Player versiones 3.1.x anteriores a 3.1.4, VMware Fusion versiones 3.1.x anteriores a 3.1.3, VMware ESXi versiones 3.5 hasta 4.1, y VMware ESX versiones 3.0.3 hasta 4.1, cuando es utilizado un Sistema Operativo invitado de Solaris o FreeBSD, permite a los usuarios del sistema operativo invitado modificar archivos del sistema operativo invitado arbitrarios por medio  de vectores no especificados, relacionados con un \\\"procedural error\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:N/I:C/A:C\",\"baseScore\":6.3,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":9.2,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B6F7416-E694-4EC9-9FE5-0C24448ECB34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE5ECA1B-7415-4390-8018-670F2C3CDF35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"889DE9BE-886F-4BEF-A794-5B5DE73D2322\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3C6FC4-DAE3-42DB-B845-593BBD2A50BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD59C463-F352-4F6C-853F-415E3FB4ABDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BDAA7C8-8F2F-4037-A517-2C1EDB70B203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73C9E205-87EE-4CE2-A252-DED7BB6D4EAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"051D820C-E5F4-4DA2-8914-5A33FCFF2D1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69FFA61C-2258-4006-AECA-D324F5700990\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50D2840A-5AF2-4AC4-9243-07CE93E9E9B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C158CD97-41BA-4422-9A55-B1A8650A0900\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477D5F22-7DDD-461D-9CD1-2B2A968F6CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C174C452-7249-4B26-9F26-DFE9B3476874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAA72ED8-3229-4220-BE75-712CA6E21062\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13A31E93-7671-492E-A78F-89CF4703B04D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99ADA116-A571-4788-8DF2-09E8A2AF92F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2818FD22-8BC5-4803-8D62-D7C7C22556F9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9EC02F3-3905-460D-8949-3B26394215CA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05924C67-F9A0-450E-A5B8-059651DD32E3\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/44840\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/44904\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/48098\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1025601\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0009.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67815\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://hermes.opensuse.org/messages/8711677\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/44840\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/44904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/48098\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025601\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67815\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://hermes.opensuse.org/messages/8711677\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2011-2145

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-2145

Aliases

CVE-2011-2145

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2145",
    "description": "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \"procedural error.\"",
    "id": "GSD-2011-2145",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-2145.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2145"
      ],
      "details": "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \"procedural error.\"",
      "id": "GSD-2011-2145",
      "modified": "2023-12-13T01:19:06.507231Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-2145",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \"procedural error.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "44904",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44904"
          },
          {
            "name": "48098",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/48098"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
          },
          {
            "name": "vmware-mountvmhgfs-privilege-esc(67815)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67815"
          },
          {
            "name": "44840",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44840"
          },
          {
            "name": "1025601",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025601"
          },
          {
            "name": "openSUSE-SU-2011:0617",
            "refsource": "SUSE",
            "url": "https://hermes.opensuse.org/messages/8711677"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:7.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:3.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2145"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \"procedural error.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
            },
            {
              "name": "openSUSE-SU-2011:0617",
              "refsource": "SUSE",
              "tags": [],
              "url": "https://hermes.opensuse.org/messages/8711677"
            },
            {
              "name": "44904",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/44904"
            },
            {
              "name": "1025601",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025601"
            },
            {
              "name": "44840",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/44840"
            },
            {
              "name": "48098",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/48098"
            },
            {
              "name": "vmware-mountvmhgfs-privilege-esc(67815)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67815"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 9.2,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:29Z",
      "publishedDate": "2011-06-06T19:55Z"
    }
  }
}

CERTA-2011-AVI-330

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été corrigées dans les produits VMWare, dont certaines peuvent permettre l'exécution de code arbitraire à distance.

Description

De nombreuses vulnérabilités ont été corrigées dans les produits VMWare :

une vulnérabilité dans le pilote pour les cartes Intel PRO/1000 sous Linux, qui peut être exploitée pour contourner les filtres réseaux ;
plusieurs vulnérabilités dans des composants tiers du serveur ESX permettent à un utilisateur local malveillant d'élever ses privilèges, à un attaquant sous certaines conditions d'exécuter du code arbitraire à distance, et à un attaquant de créer des dénis de service localement ou à distance ;
plusieurs vulnérabilités dans le système de fichiers Host Guest (HGFS) pour les systèmes Unix peuvent être exploitées par un attaquant dans la machine cliente pour obtenir des informations sur l'existence de fichiers sur la machine hôte, et pour élever ses privilèges (notamment par un accès concurrentiel type "Race Condition" en montant un répertoire) ;
une vulnérabilité dans les contrôles ActiveX du client VI permet à un attaquant d'exécuter du code arbitraire à distance à l'aide d'un site Web spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMWare Workstation versions 7.1.3 et antérieures ;
VMware	N/A	VMWare Player versions 3.1.3 et antérieures ;
VMware	ESXi	ESXi 3.5 sans les correctifs ESXe350-201105401-SG et ESXe350-201105402-T-SG ;
VMware	ESXi	ESXi 4.0 sans le correctif ESX400-201104401-BG ;
VMware	Fusion	VMWare Fusion versions 3.1.2 et antérieures ;
VMware	ESXi	ESXi 4.1 sans le correctif ESX410-201104401-BG ;
VMware	ESXi	ESXi 4.0 sans le correctif ESXi400-201104402-BG ;
VMware	ESXi	ESXi 4.1 sans le correctif ESXi410-201104402-BG ;
VMware	ESXi	ESXi 3.5 sans les correctifs ESX350-201105401-SG, ESXe350-201105404-SG et ESXe350-201105406-SG ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2011-0009 du 06 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMWare Workstation versions 7.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare Player versions 3.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 3.5 sans les correctifs ESXe350-201105401-SG et ESXe350-201105402-T-SG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.0 sans le correctif ESX400-201104401-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare Fusion versions 3.1.2 et ant\u00e9rieures ;",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.1 sans le correctif ESX410-201104401-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.0 sans le correctif ESXi400-201104402-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.1 sans le correctif ESXi410-201104402-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 3.5 sans les correctifs ESX350-201105401-SG, ESXe350-201105404-SG et ESXe350-201105406-SG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMWare\n:\n\n-   une vuln\u00e9rabilit\u00e9 dans le pilote pour les cartes Intel PRO/1000 sous\n    Linux, qui peut \u00eatre exploit\u00e9e pour contourner les filtres r\u00e9seaux ;\n-   plusieurs vuln\u00e9rabilit\u00e9s dans des composants tiers du serveur ESX\n    permettent \u00e0 un utilisateur local malveillant d\u0027\u00e9lever ses\n    privil\u00e8ges, \u00e0 un attaquant sous certaines conditions d\u0027ex\u00e9cuter du\n    code arbitraire \u00e0 distance, et \u00e0 un attaquant de cr\u00e9er des d\u00e9nis de\n    service localement ou \u00e0 distance ;\n-   plusieurs vuln\u00e9rabilit\u00e9s dans le syst\u00e8me de fichiers Host Guest\n    (HGFS) pour les syst\u00e8mes Unix peuvent \u00eatre exploit\u00e9es par un\n    attaquant dans la machine cliente pour obtenir des informations sur\n    l\u0027existence de fichiers sur la machine h\u00f4te, et pour \u00e9lever ses\n    privil\u00e8ges (notamment par un acc\u00e8s concurrentiel type \"Race\n    Condition\" en montant un r\u00e9pertoire) ;\n-   une vuln\u00e9rabilit\u00e9 dans les contr\u00f4les ActiveX du client VI permet \u00e0\n    un attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance \u00e0 l\u0027aide d\u0027un\n    site Web sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2240"
    },
    {
      "name": "CVE-2011-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1787"
    },
    {
      "name": "CVE-2011-2145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2145"
    },
    {
      "name": "CVE-2009-3080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3080"
    },
    {
      "name": "CVE-2011-2217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2217"
    },
    {
      "name": "CVE-2009-4536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4536"
    },
    {
      "name": "CVE-2010-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1188"
    },
    {
      "name": "CVE-2011-2146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2146"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-330",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMWare,\ndont certaines peuvent permettre l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMWare",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2011-0009 du 06 juin 2011",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    }
  ]
}

CERTA-2011-AVI-330

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été corrigées dans les produits VMWare, dont certaines peuvent permettre l'exécution de code arbitraire à distance.

Description

De nombreuses vulnérabilités ont été corrigées dans les produits VMWare :

une vulnérabilité dans le pilote pour les cartes Intel PRO/1000 sous Linux, qui peut être exploitée pour contourner les filtres réseaux ;
plusieurs vulnérabilités dans des composants tiers du serveur ESX permettent à un utilisateur local malveillant d'élever ses privilèges, à un attaquant sous certaines conditions d'exécuter du code arbitraire à distance, et à un attaquant de créer des dénis de service localement ou à distance ;
plusieurs vulnérabilités dans le système de fichiers Host Guest (HGFS) pour les systèmes Unix peuvent être exploitées par un attaquant dans la machine cliente pour obtenir des informations sur l'existence de fichiers sur la machine hôte, et pour élever ses privilèges (notamment par un accès concurrentiel type "Race Condition" en montant un répertoire) ;
une vulnérabilité dans les contrôles ActiveX du client VI permet à un attaquant d'exécuter du code arbitraire à distance à l'aide d'un site Web spécialement conçu.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMWare Workstation versions 7.1.3 et antérieures ;
VMware	N/A	VMWare Player versions 3.1.3 et antérieures ;
VMware	ESXi	ESXi 3.5 sans les correctifs ESXe350-201105401-SG et ESXe350-201105402-T-SG ;
VMware	ESXi	ESXi 4.0 sans le correctif ESX400-201104401-BG ;
VMware	Fusion	VMWare Fusion versions 3.1.2 et antérieures ;
VMware	ESXi	ESXi 4.1 sans le correctif ESX410-201104401-BG ;
VMware	ESXi	ESXi 4.0 sans le correctif ESXi400-201104402-BG ;
VMware	ESXi	ESXi 4.1 sans le correctif ESXi410-201104402-BG ;
VMware	ESXi	ESXi 3.5 sans les correctifs ESX350-201105401-SG, ESXe350-201105404-SG et ESXe350-201105406-SG ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2011-0009 du 06 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMWare Workstation versions 7.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare Player versions 3.1.3 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 3.5 sans les correctifs ESXe350-201105401-SG et ESXe350-201105402-T-SG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.0 sans le correctif ESX400-201104401-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMWare Fusion versions 3.1.2 et ant\u00e9rieures ;",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.1 sans le correctif ESX410-201104401-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.0 sans le correctif ESXi400-201104402-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 4.1 sans le correctif ESXi410-201104402-BG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "ESXi 3.5 sans les correctifs ESX350-201105401-SG, ESXe350-201105404-SG et ESXe350-201105406-SG ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMWare\n:\n\n-   une vuln\u00e9rabilit\u00e9 dans le pilote pour les cartes Intel PRO/1000 sous\n    Linux, qui peut \u00eatre exploit\u00e9e pour contourner les filtres r\u00e9seaux ;\n-   plusieurs vuln\u00e9rabilit\u00e9s dans des composants tiers du serveur ESX\n    permettent \u00e0 un utilisateur local malveillant d\u0027\u00e9lever ses\n    privil\u00e8ges, \u00e0 un attaquant sous certaines conditions d\u0027ex\u00e9cuter du\n    code arbitraire \u00e0 distance, et \u00e0 un attaquant de cr\u00e9er des d\u00e9nis de\n    service localement ou \u00e0 distance ;\n-   plusieurs vuln\u00e9rabilit\u00e9s dans le syst\u00e8me de fichiers Host Guest\n    (HGFS) pour les syst\u00e8mes Unix peuvent \u00eatre exploit\u00e9es par un\n    attaquant dans la machine cliente pour obtenir des informations sur\n    l\u0027existence de fichiers sur la machine h\u00f4te, et pour \u00e9lever ses\n    privil\u00e8ges (notamment par un acc\u00e8s concurrentiel type \"Race\n    Condition\" en montant un r\u00e9pertoire) ;\n-   une vuln\u00e9rabilit\u00e9 dans les contr\u00f4les ActiveX du client VI permet \u00e0\n    un attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance \u00e0 l\u0027aide d\u0027un\n    site Web sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-2240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2240"
    },
    {
      "name": "CVE-2011-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1787"
    },
    {
      "name": "CVE-2011-2145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2145"
    },
    {
      "name": "CVE-2009-3080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3080"
    },
    {
      "name": "CVE-2011-2217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2217"
    },
    {
      "name": "CVE-2009-4536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4536"
    },
    {
      "name": "CVE-2010-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1188"
    },
    {
      "name": "CVE-2011-2146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2146"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-330",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMWare,\ndont certaines peuvent permettre l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMWare",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2011-0009 du 06 juin 2011",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    }
  ]
}

FKIE_CVE-2011-2145

Vulnerability from fkie_nvd - Published: 2011-06-06 19:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/44840
cve@mitre.org	http://secunia.com/advisories/44904
cve@mitre.org	http://www.securityfocus.com/bid/48098
cve@mitre.org	http://www.securitytracker.com/id?1025601
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2011-0009.html	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/67815
cve@mitre.org	https://hermes.opensuse.org/messages/8711677
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44840
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44904
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48098
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025601
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2011-0009.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67815
af854a3a-2127-422b-91ae-364da2661108	https://hermes.opensuse.org/messages/8711677

Impacted products

Vendor	Product	Version
vmware	esx	3.0.3
vmware	esx	3.5
vmware	esx	4.0
vmware	esx	4.1
vmware	esxi	3.5
vmware	esxi	4.0
vmware	esxi	4.1
vmware	fusion	3.1
vmware	fusion	3.1.1
vmware	fusion	3.1.2
vmware	player	3.1
vmware	player	3.1.1
vmware	player	3.1.2
vmware	player	3.1.3
vmware	workstation	7.1.1
vmware	workstation	7.1.2
vmware	workstation	7.1.3
freebsd	freebsd	*
oracle	solaris	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "889DE9BE-886F-4BEF-A794-5B5DE73D2322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D3C6FC4-DAE3-42DB-B845-593BBD2A50BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BDAA7C8-8F2F-4037-A517-2C1EDB70B203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "73C9E205-87EE-4CE2-A252-DED7BB6D4EAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "051D820C-E5F4-4DA2-8914-5A33FCFF2D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69FFA61C-2258-4006-AECA-D324F5700990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "50D2840A-5AF2-4AC4-9243-07CE93E9E9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C158CD97-41BA-4422-9A55-B1A8650A0900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "477D5F22-7DDD-461D-9CD1-2B2A968F6CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C174C452-7249-4B26-9F26-DFE9B3476874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA72ED8-3229-4220-BE75-712CA6E21062",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A31E93-7671-492E-A78F-89CF4703B04D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "99ADA116-A571-4788-8DF2-09E8A2AF92F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2818FD22-8BC5-4803-8D62-D7C7C22556F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9EC02F3-3905-460D-8949-3B26394215CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05924C67-F9A0-450E-A5B8-059651DD32E3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \"procedural error.\""
    },
    {
      "lang": "es",
      "value": "mount.vmhgfs en el Host Guest File System (HGFS) de VMware en VMware Workstation versiones 7.1.x anteriores a 7.1.4, VMware Player versiones 3.1.x anteriores a 3.1.4, VMware Fusion versiones 3.1.x anteriores a 3.1.3, VMware ESXi versiones 3.5 hasta 4.1, y VMware ESX versiones 3.0.3 hasta 4.1, cuando es utilizado un Sistema Operativo invitado de Solaris o FreeBSD, permite a los usuarios del sistema operativo invitado modificar archivos del sistema operativo invitado arbitrarios por medio  de vectores no especificados, relacionados con un \"procedural error\"."
    }
  ],
  "id": "CVE-2011-2145",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-06-06T19:55:02.833",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/44840"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/44904"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/48098"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1025601"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67815"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://hermes.opensuse.org/messages/8711677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44840"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/8711677"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VPJ8-4CHW-6R65

Vulnerability from github – Published: 2022-05-17 01:55 – Updated: 2022-05-17 01:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-2145"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-06-06T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \"procedural error.\"",
  "id": "GHSA-vpj8-4chw-6r65",
  "modified": "2022-05-17T01:55:32Z",
  "published": "2022-05-17T01:55:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2145"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67815"
    },
    {
      "type": "WEB",
      "url": "https://hermes.opensuse.org/messages/8711677"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44840"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44904"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48098"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025601"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-2145 (GCVE-0-2011-2145)

GSD-2011-2145

CERTA-2011-AVI-330

Description

Solution

CERTA-2011-AVI-330

Description

Solution

FKIE_CVE-2011-2145

GHSA-VPJ8-4CHW-6R65

Tags

Sightings

Nomenclature