cve-2010-1139

Vulnerability from cvelistv5

Published

2010-04-12 18:00

Modified

2024-08-07 01:14

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
cve@mitre.org	http://lists.vmware.com/pipermail/security-announce/2010/000090.html	Patch, Vendor Advisory
cve@mitre.org	http://osvdb.org/63606
cve@mitre.org	http://secunia.com/advisories/39201	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/39206	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/39215	Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-201209-25.xml
cve@mitre.org	http://www.securityfocus.com/bid/39407
cve@mitre.org	http://www.securitytracker.com/id?1023835
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2010-0007.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2010/000090.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/63606
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39201	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39206	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39215	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201209-25.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/39407
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023835
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2010-0007.html	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:14:06.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201209-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "39206",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39206"
          },
          {
            "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
          },
          {
            "name": "39407",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/39407"
          },
          {
            "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
          },
          {
            "name": "63606",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/63606"
          },
          {
            "name": "39201",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39201"
          },
          {
            "name": "39215",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39215"
          },
          {
            "name": "1023835",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023835"
          },
          {
            "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-04-22T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201209-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
        },
        {
          "name": "39206",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39206"
        },
        {
          "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
        },
        {
          "name": "39407",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/39407"
        },
        {
          "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
        },
        {
          "name": "63606",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/63606"
        },
        {
          "name": "39201",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39201"
        },
        {
          "name": "39215",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39215"
        },
        {
          "name": "1023835",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023835"
        },
        {
          "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1139",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            },
            {
              "name": "39206",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39206"
            },
            {
              "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
            },
            {
              "name": "39407",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/39407"
            },
            {
              "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
            },
            {
              "name": "63606",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/63606"
            },
            {
              "name": "39201",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39201"
            },
            {
              "name": "39215",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39215"
            },
            {
              "name": "1023835",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023835"
            },
            {
              "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1139",
    "datePublished": "2010-04-12T18:00:00",
    "dateReserved": "2010-03-29T00:00:00",
    "dateUpdated": "2024-08-07T01:14:06.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E8F3BFF-676B-4E2C-98BA-DCA71E49060F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3E658DA-56E8-49F0-B486-4EF622B63627\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"541D77A2-99C5-4CDB-877F-7E83E1E3369E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6B53C0A-5A0C-4168-8AD3-F3E957AE8919\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE944A70-CB9C-4712-9802-509531396A02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62DA49FA-6657-45B5-BF69-D3A03BA62A4D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"949C3917-4D7E-4B51-A872-BFBECB4D2CB2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"155AD4FB-E527-4103-BCEF-801B653DEA37\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A2543D5-AE09-4E90-B27E-95075BE4ACBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6CFDD84-A482-42C2-B43F-839F4D7F1130\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E565F23-AEEE-41A4-80EC-01961AD5560E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"155AD4FB-E527-4103-BCEF-801B653DEA37\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E18541B-36B6-40A7-9749-FA47A10379C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55EBD95F-3DF7-49F3-A7AA-47085E0B7C88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6DA47C9-3D1A-49A7-8976-AE05D6730673\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"692CC131-5C6C-4AD6-B85C-07DF21168BC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"617EFBFF-D047-4A0B-ACB6-83B27710F6F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1D0DF91-17E8-45D4-B625-737FE50C23CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6C47EB8-8844-4D49-9246-008F7AE45C60\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vix_api:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9FDEEE1-BC47-4EE6-A56B-C7626D554019\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vix_api:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98918409-9F58-4FBC-B5C1-4015B5E3C0FE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de formato de cadena en vmrun en VMware VIX API v1.6.x, VMware Workstation v6.5.x antes de v6.5.4 build 246459, VMware Player v2.5.x antes de v2.5.4 build 246.459, y VMware Server v2.x en Linux y VMware Fusion v2.x antes de v2.0.7 build 246.742, permite a usuarios locales conseguir privilegios a trav\\u00e9s de especificadores de formato de cadenas en los metadatos de proceso.\"}]",
      "id": "CVE-2010-1139",
      "lastModified": "2024-11-21T01:13:44.077",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-04-12T18:30:00.587",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2010/000090.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/63606\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/39201\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39206\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39215\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201209-25.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/39407\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1023835\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2010-0007.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2010/000090.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/63606\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/39201\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39206\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39215\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201209-25.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/39407\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1023835\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2010-0007.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-134\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1139\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-04-12T18:30:00.587\",\"lastModified\":\"2024-11-21T01:13:44.077\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de formato de cadena en vmrun en VMware VIX API v1.6.x, VMware Workstation v6.5.x antes de v6.5.4 build 246459, VMware Player v2.5.x antes de v2.5.4 build 246.459, y VMware Server v2.x en Linux y VMware Fusion v2.x antes de v2.0.7 build 246.742, permite a usuarios locales conseguir privilegios a trav\u00e9s de especificadores de formato de cadenas en los metadatos de proceso.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E8F3BFF-676B-4E2C-98BA-DCA71E49060F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3E658DA-56E8-49F0-B486-4EF622B63627\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"541D77A2-99C5-4CDB-877F-7E83E1E3369E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6B53C0A-5A0C-4168-8AD3-F3E957AE8919\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE944A70-CB9C-4712-9802-509531396A02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62DA49FA-6657-45B5-BF69-D3A03BA62A4D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"949C3917-4D7E-4B51-A872-BFBECB4D2CB2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155AD4FB-E527-4103-BCEF-801B653DEA37\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A2543D5-AE09-4E90-B27E-95075BE4ACBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6CFDD84-A482-42C2-B43F-839F4D7F1130\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E565F23-AEEE-41A4-80EC-01961AD5560E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155AD4FB-E527-4103-BCEF-801B653DEA37\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E18541B-36B6-40A7-9749-FA47A10379C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55EBD95F-3DF7-49F3-A7AA-47085E0B7C88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6DA47C9-3D1A-49A7-8976-AE05D6730673\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"692CC131-5C6C-4AD6-B85C-07DF21168BC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"617EFBFF-D047-4A0B-ACB6-83B27710F6F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1D0DF91-17E8-45D4-B625-737FE50C23CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6C47EB8-8844-4D49-9246-008F7AE45C60\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vix_api:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9FDEEE1-BC47-4EE6-A56B-C7626D554019\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vix_api:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98918409-9F58-4FBC-B5C1-4015B5E3C0FE\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000090.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/63606\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/39201\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39206\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39215\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201209-25.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/39407\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1023835\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0007.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000090.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/63606\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39201\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201209-25.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/39407\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1023835\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

gsd-2010-1139

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-1139

Aliases

CVE-2010-1139

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-1139",
    "description": "Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.",
    "id": "GSD-2010-1139"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-1139"
      ],
      "details": "Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.",
      "id": "GSD-2010-1139",
      "modified": "2023-12-13T01:21:33.282402Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-1139",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-201209-25",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "39206",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/39206"
          },
          {
            "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "refsource": "MLIST",
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
          },
          {
            "name": "39407",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/39407"
          },
          {
            "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
          },
          {
            "name": "63606",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/63606"
          },
          {
            "name": "39201",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/39201"
          },
          {
            "name": "39215",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/39215"
          },
          {
            "name": "1023835",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1023835"
          },
          {
            "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vix_api:1.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vix_api:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1139"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-134"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "39206",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/39206"
            },
            {
              "name": "39215",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/39215"
            },
            {
              "name": "39201",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/39201"
            },
            {
              "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
            },
            {
              "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
              "refsource": "MLIST",
              "tags": [
                "Vendor Advisory",
                "Patch"
              ],
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
            },
            {
              "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
            },
            {
              "name": "39407",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/39407"
            },
            {
              "name": "1023835",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1023835"
            },
            {
              "name": "63606",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/63606"
            },
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-05-15T03:07Z",
      "publishedDate": "2010-04-12T18:30Z"
    }
  }
}

Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata. When the vmrun tool lists processes, it will cause arbitrary code to be executed with elevated privileges. Multiple VMware products are prone to a local privilege-escalation vulnerability. NOTE: This issue was previously covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities), but has been given its own record to better document it.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Thomas Toth-Steiner. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               VMware Security Advisory

Advisory ID: VMSA-2010-0007 Synopsis: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues Issue date: 2010-04-09 Updated on: 2010-04-09 (initial release of advisory) CVE numbers: CVE-2010-1142 CVE-2010-1140 CVE-2009-2042 CVE-2009-1564 CVE-2009-1565 CVE-2009-3732 CVE-2009-3707 CVE-2010-1138 CVE-2010-1139 CVE-2010-1141

Notes: Effective May 2010, VMware's patch and update release program during Extended Support will be continued with the condition that all subsequent patch and update releases will be based on the latest baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1, ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section "End of Product Availability FAQs" at http://www.vmware.com/support/policies/lifecycle/vi/faq.html for details.

Extended support for ESX 2.5.5 ends on 2010-06-15. Users should plan to upgrade to at least ESX 3.0.3 and preferably to the newest release available.

Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan to upgrade to at least ESX 3.5 and preferably to the newest release available.

End of General Support for VMware Workstation 6.x is 2011-04-27, users should plan to upgrade to the newest release available.

End of General Support for VMware Server 2.0 is 2011-06-30, users should plan to upgrade to the newest release of either ESXi or VMware Player.

Extended support for Virtual Center 2.0.2 is 2011-12-10, users should plan to upgrade to the newest release of vCenter Server.

Problem Description

a. Windows-based VMware Tools Unsafe Library Loading vulnerability

A vulnerability in the way VMware libraries are referenced allows
for arbitrary code execution in the context of the logged on user. 
This vulnerability is present only on Windows Guest Operating
Systems.

In order for an attacker to exploit the vulnerability, the attacker
would need to lure the user that is logged on a Windows Guest
Operating System to click on the attacker's file on a network
share. This file could be in any file format. The attacker will
need to have the ability to host their malicious files on a
network share.

VMware would like to thank Jure Skofic and Mitja Kolsek of ACROS
Security (http://www.acrossecurity.com) for reporting this issue
to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-1141 to this issue. 
 - Upgrade tools in the virtual machine (virtual machine users
   will be prompted to upgrade).

Guest systems on ESX 4.0, 3.5, 3.0.3, 2.5.5, ESXi 4.0, 3.5
 - Install the relevant patches (see below for patch identifiers)
 - Manually upgrade tools in the virtual machine (virtual machine
   users will not be prompted to upgrade).  Note the VI Client will
   not show the VMware tools is out of date in the summary tab. 
   Please see http://tinyurl.com/27mpjo page 80 for details.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available. See above for remediation
details.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

Workstation    7.x       any      not affected
Workstation    6.5.x     any      6.5.4 build 246459 or later

Player         3.x       any      not affected
Player         2.5.x     any      2.5.4 build 246459 or later

ACE            2.6.x     Windows  not affected
ACE            2.5.x     Windows  2.5.4 build 246459 or later

Server         2.x       any      2.0.2 build 203138 or later

Fusion         3.x       Mac OS/X not affected
Fusion         2.x       Mac OS/X 2.0.6 build 246742 or later

ESXi           4.0       ESXi     ESXi400-201002402-BG
ESXi           3.5       ESXi     ESXe350-200912401-T-BG or later

ESX            4.0       ESX      ESX400-201002401-BG
ESX            3.5       ESX      ESX350-200912401-BG
ESX            3.0.3     ESX      ESX303-201002203-UG
ESX            2.5.5     ESX      Upgrade Patch 15

b. Windows-based VMware Tools Arbitrary Code Execution vulnerability

A vulnerability in the way VMware executables are loaded allows for
arbitrary code execution in the context of the logged on user. This
vulnerability is present only on Windows Guest Operating Systems.

In order for an attacker to exploit the vulnerability, the attacker
would need to be able to plant their malicious executable in a
certain location on the Virtual Machine of the user.  On most
recent versions of Windows (XP, Vista) the attacker would need to
have administrator privileges to plant the malicious executable in
the right location.

Steps needed to remediate this vulnerability: See section 3.a.

VMware would like to thank Mitja Kolsek of ACROS Security
(http://www.acrossecurity.com) for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-1142 to this issue.

Refer to the previous table in section 3.a for what action
remediates the vulnerability (column 4) if a solution is
available. See above for remediation details.

c. Windows-based VMware Workstation and Player host privilege escalation

A vulnerability in the USB service allows for a privilege
escalation. A local attacker on the host of a Windows-based
Operating System where VMware Workstation or VMware Player
is installed could plant a malicious executable on the host and
elevate their privileges.

In order for an attacker to exploit the vulnerability, the attacker
would need to be able to plant their malicious executable in a
certain location on the host machine.  On most recent versions of
Windows (XP, Vista) the attacker would need to have administrator
privileges to plant the malicious executable in the right location.

VMware would like to thank Thierry Zoller for reporting this issue
to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-1140 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

Workstation    7.0       Windows  7.0.1 build 227600 or later
Workstation    7.0       Linux    not affected
Workstation    6.5.x     any      not affected

Player         3.0       Windows  3.0.1 build 227600 or later
Player         3.0       Linux    not affected
Player         2.5.x     any      not affected

Ace            any       any      not affected

Server         2.x       any      not affected

Fusion         any       Mac OS/X not affected

ESXi           any       ESXi     not affected

ESX            any       ESX      not affected

d. Third party library update for libpng to version 1.2.37

The libpng libraries through 1.2.35 contain an uninitialized-
memory-read bug that may have security implications. 
Specifically, 1-bit (2-color) interlaced images whose widths are
not divisible by 8 may result in several uninitialized bits at the
end of certain rows in certain interlace passes being returned to
the user. An application that failed to mask these out-of-bounds
pixels might display or process them, albeit presumably with benign
results in most cases.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-2042 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not applicable

Workstation    7.0       any      7.0.1 build 227600 or later
Workstation    6.5.x     any      6.5.4 build 246459 or later

Player         3.0       any      3.0.1 build 227600 or later
Player         2.5.x     any      2.5.4 build 246459 or later

Ace            2.6       Windows  2.6.1 build 227600 or later
Ace            2.5.x     Windows  2.5.4 build 246459 or later

Server         2.x       any      not being fixed at this time

Fusion         any       any      Mac OS/X not affected

ESXi           any       ESXi     not applicable

ESX            any       ESX      not applicable

e. VMware VMnc Codec heap overflow vulnerabilities

The VMware movie decoder contains the VMnc media codec that is
required to play back movies recorded with VMware Workstation,
VMware Player and VMware ACE, in any compatible media player. The
movie decoder is installed as part of VMware Workstation, VMware
Player and VMware ACE, or can be downloaded as a stand alone
package.

For an attack to be successful the user must be tricked into
visiting a malicious web page or opening a malicious video file on
a system that has the vulnerable version of the VMnc codec installed.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-1564 and CVE-2009-1565 to these
issues.

VMware would like to thank iDefense, Sebastien Renaud of VUPEN
Vulnerability Research Team (http://www.vupen.com) and Alin Rad Pop
of Secunia Research for reporting these issues to us.

To remediate the above issues either install the stand alone movie
decoder or update your product using the table below.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

Movie Decoder  any       Windows  6.5.4 Build 246459 or later

Workstation    7.x       any      not affected
Workstation    6.5.x     Windows  6.5.4 build 246459 or later
Workstation    6.5.x     Linux    not affected

Player         3.x       any      not affected
Player         2.5.x     Windows  2.5.4 build 246459 or later
Player         2.5.x     Linux    not affected

ACE            any       any      not affected

Server         2.x       Window   not being addressed at this time
Server         2.x       Linux    not affected

Fusion         any       Mac OS/X not affected

ESXi           any       ESXi     not affected

ESX            any       ESX      not affected

f. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed.

For an attack to be successful, an attacker would need to trick the
VMrc user into opening a malicious Web page or following a malicious
URL. Code execution would be at the privilege level of the user.

VMrc is present on a system if the VMrc browser plug-in has been
installed. This plug-in is required when using the console feature in
WebAccess. Installation of the plug-in follows after visiting the
console tab in WebAccess and choosing "Install plug-in". The plug-
in can only be installed on Internet Explorer and Firefox.

Under the following two conditions your version of VMrc is likely
to be affected:

- the VMrc plug-in was obtained from vCenter 4.0 or from ESX 4.0
  without patch ESX400-200911223-UG and
- VMrc is installed on a Windows-based system

The following steps allow you to determine if you have an affected
version of VMrc installed:

- Locate the VMrc executable vmware-vmrc.exe on your Windows-based
  system
- Right click and go to Properties
- Go to the tab "Versions"
- Click "File Version" in the "Item Name" window
- If the "Value" window shows "e.x.p build-158248", the version of
  VMrc is affected

Remediation of this issue on Windows-based systems requires the
following steps (Linux-based systems are not affected):

- Uninstall affected versions of VMrc from the systems where the
  VMrc plug-in has been installed (use the Windows Add/Remove
  Programs interface)
- Install vCenter 4.0 Update 1 or install the ESX 4.0 patch
  ESX400-200911223-UG
- Login into vCenter 4.0 Update 1 or ESX 4.0 with patch
  ESX400-200911223-UG using WebAccess on the system where the VMrc
  needs to be re-installed
- Re-install VMrc by going to the console tab in WebAccess.  The
  Console tab is selectable after selecting a virtual machine.

Note: the VMrc plug-in for Firefox on Windows-based operating
systems is no longer compatible after the above remediation steps. 
Users are advised to use the Internet Explorer VMrc plug-in.

VMware would like to thank Alexey Sintsov from Digital Security
Research Group for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-3732 to this issue.

g. Windows-based VMware authd remote denial of service

A vulnerability in vmware-authd could cause a denial of service
condition on Windows-based hosts.  The denial of service is limited
to a crash of authd.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-3707 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

Workstation    7.0       Windows  7.0.1 build 227600 or later
Workstation    7.0       Linux    not affected
Workstation    6.5.x     Windows  6.5.4 build 246459 or later
Workstation    6.5.x     Linux    not affected

Player         3.0       Windows  3.0.1 build 227600 or later
Player         3.x       Linux    not affected
Player         2.5.x     Windows  2.5.4 build 246459 or later
Player         2.5.x     Linux    not affected

Ace            2.6       Windows  2.6.1 build 227600 or later
Ace            2.5.x     Windows  2.5.4 build 246459 or later

Server         2.x       Windows  not being addressed at this time
Server         2.x       Linux    not affected

Fusion         any       Mac OS/X not affected

ESXi           any       any      not affected

ESX            any       any      not affected

h. Potential information leak via hosted networking stack

A vulnerability in the virtual networking stack of VMware hosted
products could allow host information disclosure.

A guest operating system could send memory from the host vmware-vmx
process to the virtual network adapter and potentially to the
host's physical Ethernet wire.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-1138 to this issue.

VMware would like to thank Johann MacDonagh for reporting this
issue to us.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected

Workstation    7.0       any      7.0.1 build 227600 or later
Workstation    6.5.x     Windows  6.5.4 build 246459 or later
Workstation    6.5.x     Linux    not affected

Player         3.0       any      3.0.1 build 227600 or later
Player         2.5.x     Windows  2.5.4 build 246459 or later
Player         2.5.x     Linux    not affected

Ace            2.6       Windows  2.6.1 build 227600 or later
Ace            2.5.x     Windows  2.5.4 build 246459 or later

Server         2.x       any      not being fixed at this time

Fusion         3.0       Mac OS/X 3.0.1 build 232708 or later
Fusion         2.x       Mac OS/X 2.0.7 build 246742 or later

ESXi           any       any      not affected

ESX            any       any      not affected

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-1139 to this issue.

VMware would like to thank Thomas Toth-Steiner for reporting this
issue to us.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available. Solution

Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.

VMware Workstation Movie Decoder stand alone 6.5.4

http://download3.vmware.com/software/wkst/VMware-moviedecoder-6.5.4-246459.exe md5sum: ea2ac5907ae4c5c323147fe155443ab8 sha1sum: 5ca8d1fd45f6a7a6f38019b259c3e836ee4e8f29

VMware Workstation 7.0.1

For Windows

http://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-WIN Release notes: http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html

Workstation for Windows 32-bit and 64-bit with VMware Tools md5sum: fc8502a748de3b8f94c5c9571c1f17d2 sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206

Workstation for Windows 32-bit and 64-bit without VMware Tools md5sum: 6a18ea3847cb727b03f7890f5643db79 sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984

For Linux http://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-LX Release notes: http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html

Workstation for Linux 32-bit with VMware Tools md5sum: a896f7aaedde8799f21b52b89f5fc9ef sha1sum: f6d0789afa7927ca154973a071603a0bd098e697

Workstation for Linux 32-bit without VMware Tools md5sum: 59ecd27bdf3f59be3b4df8f04d1b3874 sha1sum: 22e1a475069fca5e8d2446bf14661fa6d894d34f

Workstation for Linux 64-bit with VMware Tools md5sum: 808682eaa6b202fa29172821f7378768 sha1sum: a901c45a2a02678b0d1722e8f27152c3af12a7ac

Workstation for Linux 64-bit without VMware Tools md5sum: 5116e27e7b13a76693402577bd9fda58 sha1sum: dbcd045a889b95ac14828b8106631b678354e30a

VMware Workstation 6.5.4

For Windows

http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-WIN Release Notes: http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html

Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 2dc393fcc4e78dcf2165098a4938699a sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569

For Linux http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-LX Release Notes: http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html

Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 9efb43a604d50e541eb3be7081b8b198 sha1sum: 4240d664f85a11f47288d2279224b26bef92aa8b

Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: 38760682ad3b2f6bfb4e40f424c95c2a sha1sum: ec78099322b5fb2a737cd74a1978a5c07382dc8a

Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 24311492bc515e9bc98eff9b2e7d33a2 sha1sum: b4947ef09f740440e8a24fc2ba05c0a7c11b82f5

Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: ed24296705ad48442549d9cb2b3c0d8d sha1sum: 3c0f1efae0a64fa3a41be21b0bfc962f12e0e6d8

VMware Player 3.0.1

http://downloads.vmware.com/tryvmware/?p=player&lp=default Release notes: http://downloads.vmware.com/support/player30/doc/releasenotes_player301.html

Player for Windows 32-bit and 64-bit md5sum: 78c92c0242c9540f68a629d4ac49c516 sha1sum: 7fc255fcd1a6784458012314db1206ed922e92cf

Player for Linux 32-bit (.bundle) md5sum: e7cd19d39c7bbd1aee582743d76a7863 sha1sum: cff76010f0429576288ea1e5a594cd47a2c64f4a

Player for Linux 64-bit (.bundle) md5sum: 88b08537c6eea705883dc1755b97738c sha1sum: 84f25370d24c03a18968a4f4c8e06cef3d21c2df

VMware VIX API for Windows 32-bit and 64-bit md5sum: 2c46fc7e2516f331eb4dd23154d00a54 sha1sum: 85ceb1b718806c6870e3a918bcc772d1486ccdc9

VMware VIX API for 32-bit Linux md5sum: 8b0994a26363246b5e954f97bd5a088d sha1sum: af93da138a158ee6e05780a5c4042414735987b6

VMware VIX API for 64-bit Linux md5sum: ef7b9890c52b1e333f2357760a7fff85 sha1sum: dfef8531356de78171e13c4c108ebaeb43eaa62d

VMware Player 2.5.4

http://downloads.vmware.com/download/player/player_reg.html Release notes: http://downloads.vmware.com/support/player25/doc/releasenotes_player254.html

Player for Windows 32-bit and 64-bit (.exe) md5sum: 531140a1eeed7d8b71f726b3d32a9174 sha1sum: 2500fa8af48452bd0e97040b80c569c3cb4f73e5

Player for Linux (.rpm) md5sum: 1905f61af490f9760bef54450747e708 sha1sum: cf7444c0a6331439c5479a4158112a60eb0e6e8d

Player for Linux (.bundle) md5sum: 74f539005687a4efce7971f7ef019af5 sha1sum: 4c4412c5807ecd00e66886e0e7c43ed61b62aab7

Player for Linux - 64-bit (.rpm) md5sum: 013078d7f6adcdbcbaafbf5e0ae11a39 sha1sum: 7c434173a3fe446ebefce4803bfaa7ab67d1ff72

Player for Linux - 64-bit (.bundle) md5sum: 175ce2f9656ff10a1327c0d48f80c65f sha1sum: bf7acfdcb44bf345d58f79ad1bcb04816f262d22

VMware ACE 2.6.1

http://downloads.vmware.com/download/download.do?downloadGroup=ACE-261-WIN Release notes: http://downloads.vmware.com/support/ace26/doc/releasenotes_ace261.html

VMware Workstation for 32-bit and 64-bit Windows with tools md5sum: fc8502a748de3b8f94c5c9571c1f17d2 sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206

VMware Workstation for Windows 32-bit and 64-bit without tools md5sum: 6a18ea3847cb727b03f7890f5643db79 sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984

ACE Management Server Virtual Appliance md5sum: e26d258c511572064e99774fbac9184c sha1sum: 9363656b70caa11a31a6229451202d9f8203c1f5

ACE Management Server for Windows md5sum: e970828f2a5a62ac108879033a70f4b6 sha1sum: eca89372eacc78c3130781d0d183715055d64798

ACE Management Server for SUSE Enterprise Linux 9 md5sum: 59b3ad5964daef2844e72fd1765590fc sha1sum: 91048de7665f5dc466f06e2ebc4c08f08026a97f

ACE Management Server for Red Hat Enterprise Linux 4 md5sum: 6623f6a8a645402a1c8c351ec99a1889 sha1sum: a6d74ba072c5a513fcf8993edebaaf7f8225c05d

VMware ACE 2.5.4

http://downloads.vmware.com/download/download.do?downloadGroup=ACE-254-WIN Release notes: http://downloads.vmware.com/support/ace25/doc/releasenotes_ace254.html

VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 2dc393fcc4e78dcf2165098a4938699a sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569

ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 3935f23d4a074e7a3429a1c80cfd2155 sha1sum: 5b09439a9c840d39ae49fbd7a79732ecd58c52a3

ACE Management Server for Windows Windows .exe md5sum: 1173bd7da6ed330a262ed4e2eff6562c sha1sum: d9bce88a350aa957f3387f870af763875d4d9110

ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: 0bec2cf8d6ae3bb6976c9d8cc2573208 sha1sum: f3c6d9ee3357535b1540cedd9e86d723e2ed2134

ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 17caa522af79cf1f6b2ebad16a4ac8a5 sha1sum: cdd6e2a4e3d7ad89f95e60f1af024bea7eaba0fe

VMware Server 2.0.2

http://www.vmware.com/download/server/ Release notes: http://www.vmware.com/support/server2/doc/releasenotes_vmserver202.html

VMware Server 2 Version 2.0.2 | 203138 - 10/26/09 507 MB EXE image VMware Server 2 for Windows Operating Systems. A master installer file containing all Windows components of VMware Server. Version 2.0.2 | 203138 - 10/26/09 37 MB TAR image md5sum: 95ddea5a0579a35887bd15b083ffea20 sha1sum: 14cf12063a7480f240ccd96178ad4258cb26a747

VMware Server 2 for Linux Operating Systems 64-bit version. Version 2.0.2 | 203138 - 10/26/09 452 MB RPM image md5sum: 35c8b176601133749e4055e0034f8be6 sha1sum: e8dc842d89899df5cd3e1136af76f19ca5ccbece

The core application needed to run VMware Server 2, 64-bit version.

The same patch, ESXe350-200912402-T-BG, is also contained in ESXe350-201002401-O-SG from February 2010 ESXi 3.5 security update.

In latest non-security ESXi 3.5 update, ESXe350-201003402-T-BG is also included in ESXe350-201003401-O-BG from March 2010.

ESXe350-201002401-O-SG (latest security update) http://download3.vmware.com/software/vi/ESXe350-201002401-O-SG.zip

md5sum: 0c8d4d1c0e3c2aed9f785cf081225d83

http://kb.vmware.com/kb/1015047 (Vi Client)

http://kb.vmware.com/kb/1016665 (VM Tools)

http://kb.vmware.com/kb/1017685 (Firmware)

The three ESXi patches for Firmware "I", VMware Tools "T," and the VI Client "C" are contained in a single offline "O" download file.

ESX

ESX 4.0 bulletin ESX400-201002401-BG https://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732240/ESX400-201002001.zip md5sum: de62cbccaffa4b2b6831617f18c1ccb4 sha1sum: 4083f191fa4acd6600c9a87e4852f9f5700e91ab http://kb.vmware.com/kb/1018403

Note: ESX400-201002001 contains the bundle with the security fix, ESX400-201002401-BG To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle ESX400-201002001 -b ESX400-201002401-BG

ESX 4.0 bulletin ESX400-200911223-UG https://hostupdate.vmware.com/software/VUM/OFFLINE/release-166-20091202-254879/ESX-4.0.0-update01a.zip md5sum: 99c1fcafbf0ca105ce73840d686e9914 sha1sum: aa8a23416271bc28b6b8f6bdbe00045e36314ebb http://kb.vmware.com/kb/1014842

Note: ESX-4.0.0-update01a contains the bundle with the security fix, ESX400-200911223-UG To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle ESX-4.0.0-update01a -b ESX400-200911223-UG

ESX 3.5 patch ESX350-200912401-BG http://download3.vmware.com/software/vi/ESX350-200912401-BG.zip md5sum: f1d3589745b4ae933554785aef22bacc sha1sum: d1e5a9209b165d43d75f076e556fc028bec4cc47 http://kb.vmware.com/kb/1016657

ESX 3.0.3 patch ESX303-201002203-UG http://download3.vmware.com/software/vi/ESX303-201002203-UG.zip md5sum: 49ee56b687707cbe6999836c315f081a http://kb.vmware.com/kb/1018030

ESX 2.5.5 Upgrade Patch 15 http://download3.vmware.com/software/esx/esx-2.5.5-191611-upgrade.tar.gz md5sum: c346fe510b6e51145570e03083f77357 sha1sum: ef6b19247825fb3fe2c55f8fda3cdd05ac7bb1f4 http://www.vmware.com/support/esx25/doc/esx-255-200910-patch.html

References http://www.acrossecurity.com/advisories.htm http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1564 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3707 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3732 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1139 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1140 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1141
Change log 2010-04-09 VMSA-2010-0007 Initial security advisory after release of Workstation 6.5.4 and Fusion 2.0.7 on 2010-04-08.

Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center http://www.vmware.com/security

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32)

iD8DBQFLvvM8S2KysvBH1xkRAgu/AJ9RrzlOq/5Ug0t8R4qoi/UwDVJDpACbBGgT d58bjKG6Ic7m/TsoJP4M2tw= =Q1zv -----END PGP SIGNATURE----- .

For more information see vulnerabilities #3 through #7 in: SA39206

SOLUTION: Restrict local access to trusted users only. Do not open untrusted images or video files.

Background

VMware Player, Server, and Workstation allow emulation of a complete PC on a PC without the usual performance overhead of most emulators.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 app-emulation/vmware-player <= 2.5.5.328052 Vulnerable! 2 app-emulation/vmware-workstation <= 6.5.5.328052 Vulnerable! 3 app-emulation/vmware-server <= 1.0.9.156507 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console.

Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS).

Workaround

There is no known workaround at this time. We recommend that users unmerge VMware Server:

# emerge --unmerge "app-emulation/vmware-server"

References

[ 1 ] CVE-2007-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269 [ 2 ] CVE-2007-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503 [ 3 ] CVE-2007-5671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5671 [ 4 ] CVE-2008-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0967 [ 5 ] CVE-2008-1340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340 [ 6 ] CVE-2008-1361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361 [ 7 ] CVE-2008-1362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362 [ 8 ] CVE-2008-1363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363 [ 9 ] CVE-2008-1364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364 [ 10 ] CVE-2008-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392 [ 11 ] CVE-2008-1447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447 [ 12 ] CVE-2008-1806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1806 [ 13 ] CVE-2008-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1807 [ 14 ] CVE-2008-1808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1808 [ 15 ] CVE-2008-2098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2098 [ 16 ] CVE-2008-2100 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2100 [ 17 ] CVE-2008-2101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2101 [ 18 ] CVE-2008-4915 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4915 [ 19 ] CVE-2008-4916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4916 [ 20 ] CVE-2008-4917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4917 [ 21 ] CVE-2009-0040 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040 [ 22 ] CVE-2009-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0909 [ 23 ] CVE-2009-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0910 [ 24 ] CVE-2009-1244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1244 [ 25 ] CVE-2009-2267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2267 [ 26 ] CVE-2009-3707 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3707 [ 27 ] CVE-2009-3732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3732 [ 28 ] CVE-2009-3733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3733 [ 29 ] CVE-2009-4811 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4811 [ 30 ] CVE-2010-1137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1137 [ 31 ] CVE-2010-1138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1138 [ 32 ] CVE-2010-1139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1139 [ 33 ] CVE-2010-1140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1140 [ 34 ] CVE-2010-1141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1141 [ 35 ] CVE-2010-1142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1142 [ 36 ] CVE-2010-1143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1143 [ 37 ] CVE-2011-3868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3868

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201209-25.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------

Secunia CSI + Microsoft SCCM

= Extensive Patch Management

http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

TITLE: VMware Products Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA39206

VERIFY ADVISORY: http://secunia.com/advisories/39206/

DESCRIPTION: Some vulnerabilities have been reported in multiple VMware products, which can be exploited by malicious, local users to disclose sensitive information or gain escalated privileges, and by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a user's system.

NOTE: This vulnerability cannot be exploited without administrative privileges on recent Windows versions (e.g. Windows XP and Windows Vista).

3) An error in libpng can be exploited to disclose uninitialised memory via a specially crafted image.

For more information: SA35346

4) A boundary error and two integer truncation errors in the VMnc codec can be exploited to potentially execute arbitrary code.

For more information: SA36712

5) An error in the VMware Authorization Service ("vmware-authd") can be exploited to cause a crash.

For more information: SA39201

SOLUTION: Update to a fixed version.

PROVIDED AND/OR DISCOVERED BY: 4) Alin Rad Pop, Secunia Research

The vendor also credits: 1) Jure Skofic and Mitja Kolsek of ACROS Security 2) Thierry Zoller 4) iDefense and Sebastien Renaud of Vupen 6) Johann MacDonagh 7) Thomas Toth-Steiner

ORIGINAL ADVISORY: VMware (VMSA-2010-0007): http://lists.vmware.com/pipermail/security-announce/2010/000090.html

Secunia Research: http://secunia.com/secunia_research/2009-36/ http://secunia.com/secunia_research/2009-37/

OTHER REFERENCES: SA35346: http://secunia.com/advisories/35346/

SA36712: http://secunia.com/advisories/36712/

SA36988: http://secunia.com/advisories/36988/

SA39198: http://secunia.com/advisories/39198/

SA39201: http://secunia.com/advisories/39201/

SA39203: http://secunia.com/advisories/39203/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201004-0982",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "2.0.6"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "2.0.5"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "2.0.4"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "vix api",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "1.6.0"
      },
      {
        "model": "vix api",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "1.6.1"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "6.5.3"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "6.5.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "6.5.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "2.5.3"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "2.5.2"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vmware",
        "version": "2.5.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.0.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "6.5.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "2.5"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "2.x"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "2.5.x"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "2.x"
      },
      {
        "model": "vix api",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "1.6.x"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "6.5.x"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vmware",
        "version": "6.5.4246459"
      },
      {
        "model": "fusion build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vmware",
        "version": "2.0.6246742"
      },
      {
        "model": "player build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vmware",
        "version": "2.5.4246459"
      },
      {
        "model": "vix api",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vmware",
        "version": "1.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "workstation",
        "version": "6.5.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "workstation",
        "version": "6.5.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "workstation",
        "version": "6.5.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "workstation",
        "version": "6.5.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "server",
        "version": "2.0.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "server",
        "version": "2.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "server",
        "version": "2.0.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "fusion",
        "version": "2.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "fusion",
        "version": "2.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "fusion",
        "version": "2.0.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "fusion",
        "version": "2.0.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "fusion",
        "version": "2.0.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "fusion",
        "version": "2.0.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "fusion",
        "version": "2.0.6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vix api",
        "version": "1.6.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vix api",
        "version": "1.6.1"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.5118166"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.5.3185404"
      },
      {
        "model": "workstation build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.5.2156735"
      },
      {
        "model": "vix api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.6"
      },
      {
        "model": "server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2203138"
      },
      {
        "model": "server build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1156745"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4"
      },
      {
        "model": "player build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.2156735"
      },
      {
        "model": "player build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5118166"
      },
      {
        "model": "player build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.3185404"
      },
      {
        "model": "fusion build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.6196839"
      },
      {
        "model": "fusion build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2147997"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "workstation build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.5.4246459"
      },
      {
        "model": "vix api",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.7"
      },
      {
        "model": "player build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5.4246459"
      },
      {
        "model": "fusion build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.7246742"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d04e1-463f-11e9-941d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "46d0bbe4-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0571"
      },
      {
        "db": "BID",
        "id": "39407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001367"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-158"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vix_api:1.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:vix_api:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1139"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Alin Rad Pop",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-158"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2010-1139",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2010-1139",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "7d7d04e1-463f-11e9-941d-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "46d0bbe4-2356-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-1139",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201004-158",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d7d04e1-463f-11e9-941d-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "46d0bbe4-2356-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2010-1139",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d04e1-463f-11e9-941d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "46d0bbe4-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001367"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-158"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata. When the vmrun tool lists processes, it will cause arbitrary code to be executed with elevated privileges. Multiple VMware products are prone to a local privilege-escalation vulnerability. \nNOTE: This issue was previously covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities), but has been given its own record to better document it. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Thomas Toth-Steiner. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2010-0007\nSynopsis:          VMware hosted products, vCenter Server and ESX\n                   patches resolve multiple security issues\nIssue date:        2010-04-09\nUpdated on:        2010-04-09 (initial release of advisory)\nCVE numbers:       CVE-2010-1142 CVE-2010-1140 CVE-2009-2042\n                   CVE-2009-1564 CVE-2009-1565 CVE-2009-3732\n                   CVE-2009-3707 CVE-2010-1138 CVE-2010-1139\n                   CVE-2010-1141\n- -------------------------------------------------------------------------\n\n1. \n\n2. \n\n   Notes:\n   Effective May 2010, VMware\u0027s patch and update release program during\n   Extended Support will be continued with the condition that all\n   subsequent patch and update releases will be based on the latest\n   baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,\n   ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section\n   \"End of Product Availability FAQs\" at\n   http://www.vmware.com/support/policies/lifecycle/vi/faq.html for\n   details. \n\n   Extended support for ESX 2.5.5 ends on 2010-06-15.  Users should plan\n   to upgrade to at least ESX 3.0.3 and preferably to the newest\n   release available. \n\n   Extended support for ESX 3.0.3 ends on 2011-12-10.  Users should plan\n   to upgrade to at least ESX 3.5 and preferably to the newest release\n   available. \n\n   End of General Support for VMware Workstation 6.x is 2011-04-27,\n   users should plan to upgrade to the newest release available. \n\n   End of General Support for VMware Server 2.0 is 2011-06-30, users\n   should plan to upgrade to the newest release of either ESXi or\n   VMware Player. \n\n   Extended support for Virtual Center 2.0.2 is 2011-12-10, users\n   should plan to upgrade to the newest release of vCenter Server. \n\n3. Problem Description\n\n a. Windows-based VMware Tools Unsafe Library Loading vulnerability\n\n    A vulnerability in the way VMware libraries are referenced allows\n    for arbitrary code execution in the context of the logged on user. \n    This vulnerability is present only on Windows Guest Operating\n    Systems. \n\n    In order for an attacker to exploit the vulnerability, the attacker\n    would need to lure the user that is logged on a Windows Guest\n    Operating System to click on the attacker\u0027s file on a network\n    share. This file could be in any file format. The attacker will\n    need to have the ability to host their malicious files on a\n    network share. \n\n    VMware would like to thank Jure Skofic and Mitja Kolsek of ACROS\n    Security (http://www.acrossecurity.com) for reporting this issue\n    to us. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-1141 to this issue. \n     - Upgrade tools in the virtual machine (virtual machine users\n       will be prompted to upgrade). \n\n    Guest systems on ESX 4.0, 3.5, 3.0.3, 2.5.5, ESXi 4.0, 3.5\n     - Install the relevant patches (see below for patch identifiers)\n     - Manually upgrade tools in the virtual machine (virtual machine\n       users will not be prompted to upgrade).  Note the VI Client will\n       not show the VMware tools is out of date in the summary tab. \n       Please see http://tinyurl.com/27mpjo page 80 for details. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. See above for remediation\n    details. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    Workstation    7.x       any      not affected\n    Workstation    6.5.x     any      6.5.4 build 246459 or later\n\n    Player         3.x       any      not affected\n    Player         2.5.x     any      2.5.4 build 246459 or later\n\n    ACE            2.6.x     Windows  not affected\n    ACE            2.5.x     Windows  2.5.4 build 246459 or later\n\n    Server         2.x       any      2.0.2 build 203138 or later\n\n    Fusion         3.x       Mac OS/X not affected\n    Fusion         2.x       Mac OS/X 2.0.6 build 246742 or later\n\n    ESXi           4.0       ESXi     ESXi400-201002402-BG\n    ESXi           3.5       ESXi     ESXe350-200912401-T-BG or later\n\n    ESX            4.0       ESX      ESX400-201002401-BG\n    ESX            3.5       ESX      ESX350-200912401-BG\n    ESX            3.0.3     ESX      ESX303-201002203-UG\n    ESX            2.5.5     ESX      Upgrade Patch 15\n\n b. Windows-based VMware Tools Arbitrary Code Execution vulnerability\n\n    A vulnerability in the way VMware executables are loaded allows for\n    arbitrary code execution in the context of the logged on user. This\n    vulnerability is present only on Windows Guest Operating Systems. \n\n    In order for an attacker to exploit the vulnerability, the attacker\n    would need to be able to plant their malicious executable in a\n    certain location on the Virtual Machine of the user.  On most\n    recent versions of Windows (XP, Vista) the attacker would need to\n    have administrator privileges to plant the malicious executable in\n    the right location. \n\n    Steps needed to remediate this vulnerability: See section 3.a. \n\n    VMware would like to thank Mitja Kolsek of ACROS Security\n    (http://www.acrossecurity.com) for reporting this issue to us. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-1142 to this issue. \n\n    Refer to the previous table in section 3.a for what action\n    remediates the vulnerability (column 4) if a solution is\n    available. See above for remediation details. \n\n c. Windows-based VMware Workstation and Player host privilege\n    escalation\n\n    A vulnerability in the USB service allows for a privilege\n    escalation. A local attacker on the host of a Windows-based\n    Operating System where VMware Workstation or VMware Player\n    is installed could plant a malicious executable on the host and\n    elevate their privileges. \n\n    In order for an attacker to exploit the vulnerability, the attacker\n    would need to be able to plant their malicious executable in a\n    certain location on the host machine.  On most recent versions of\n    Windows (XP, Vista) the attacker would need to have administrator\n    privileges to plant the malicious executable in the right location. \n\n    VMware would like to thank Thierry Zoller for reporting this issue\n    to us. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-1140 to this issue. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    Workstation    7.0       Windows  7.0.1 build 227600 or later\n    Workstation    7.0       Linux    not affected\n    Workstation    6.5.x     any      not affected\n\n    Player         3.0       Windows  3.0.1 build 227600 or later\n    Player         3.0       Linux    not affected\n    Player         2.5.x     any      not affected\n\n    Ace            any       any      not affected\n\n    Server         2.x       any      not affected\n\n    Fusion         any       Mac OS/X not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n d. Third party library update for libpng to version 1.2.37\n\n    The libpng libraries through 1.2.35 contain an uninitialized-\n    memory-read bug that may have security implications. \n    Specifically, 1-bit (2-color) interlaced images whose widths are\n    not divisible by 8 may result in several uninitialized bits at the\n    end of certain rows in certain interlace passes being returned to\n    the user. An application that failed to mask these out-of-bounds\n    pixels might display or process them, albeit presumably with benign\n    results in most cases. \n\n    The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n    has assigned the name CVE-2009-2042 to this issue. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not applicable\n\n    Workstation    7.0       any      7.0.1 build 227600 or later\n    Workstation    6.5.x     any      6.5.4 build 246459 or later\n\n    Player         3.0       any      3.0.1 build 227600 or later\n    Player         2.5.x     any      2.5.4 build 246459 or later\n\n    Ace            2.6       Windows  2.6.1 build 227600 or later\n    Ace            2.5.x     Windows  2.5.4 build 246459 or later\n\n    Server         2.x       any      not being fixed at this time\n\n    Fusion         any       any      Mac OS/X not affected\n\n    ESXi           any       ESXi     not applicable\n\n    ESX            any       ESX      not applicable\n\n e. VMware VMnc Codec heap overflow vulnerabilities\n\n    The VMware movie decoder contains the VMnc media codec that is\n    required to play back movies recorded with VMware Workstation,\n    VMware Player and VMware ACE, in any compatible media player. The\n    movie decoder is installed as part of VMware Workstation, VMware\n    Player and VMware ACE, or can be downloaded as a stand alone\n    package. \n\n    For an attack to be successful the user must be tricked into\n    visiting a malicious web page or opening a malicious video file on\n    a system that has the vulnerable version of the VMnc codec installed. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2009-1564 and CVE-2009-1565 to these\n    issues. \n\n    VMware would like to thank iDefense, Sebastien Renaud of VUPEN\n    Vulnerability Research Team (http://www.vupen.com) and Alin Rad Pop\n    of Secunia Research for reporting these issues to us. \n\n    To remediate the above issues either install the stand alone movie\n    decoder or update your product using the table below. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    Movie Decoder  any       Windows  6.5.4 Build 246459 or later\n\n    Workstation    7.x       any      not affected\n    Workstation    6.5.x     Windows  6.5.4 build 246459 or later\n    Workstation    6.5.x     Linux    not affected\n\n    Player         3.x       any      not affected\n    Player         2.5.x     Windows  2.5.4 build 246459 or later\n    Player         2.5.x     Linux    not affected\n\n    ACE            any       any      not affected\n\n    Server         2.x       Window   not being addressed at this time\n    Server         2.x       Linux    not affected\n\n    Fusion         any       Mac OS/X not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\nf. \n    Exploitation of this issue may lead to arbitrary code execution on\n    the system where VMrc is installed. \n\n    For an attack to be successful, an attacker would need to trick the\n    VMrc user into opening a malicious Web page or following a malicious\n    URL. Code execution would be at the privilege level of the user. \n\n    VMrc is present on a system if the VMrc browser plug-in has been\n    installed. This plug-in is required when using the console feature in\n    WebAccess. Installation of the plug-in follows after visiting the\n    console tab in WebAccess and choosing \"Install plug-in\". The plug-\n    in can only be installed on Internet Explorer and Firefox. \n\n    Under the following two conditions your version of VMrc is likely\n    to be affected:\n\n    - the VMrc plug-in was obtained from vCenter 4.0 or from ESX 4.0\n      without patch ESX400-200911223-UG and\n    - VMrc is installed on a Windows-based system\n\n    The following steps allow you to determine if you have an affected\n    version of VMrc installed:\n\n    - Locate the VMrc executable vmware-vmrc.exe on your Windows-based\n      system\n    - Right click and go to Properties\n    - Go to the tab \"Versions\"\n    - Click \"File Version\" in the \"Item Name\" window\n    - If the \"Value\" window shows \"e.x.p build-158248\", the version of\n      VMrc is affected\n\n    Remediation of this issue on Windows-based systems requires the\n    following steps (Linux-based systems are not affected):\n\n    - Uninstall affected versions of VMrc from the systems where the\n      VMrc plug-in has been installed (use the Windows Add/Remove\n      Programs interface)\n    - Install vCenter 4.0 Update 1 or install the ESX 4.0 patch\n      ESX400-200911223-UG\n    - Login into vCenter 4.0 Update 1 or ESX 4.0 with patch\n      ESX400-200911223-UG using WebAccess on the system where the VMrc\n      needs to be re-installed\n    - Re-install VMrc by going to the console tab in WebAccess.  The\n      Console tab is selectable after selecting a virtual machine. \n\n    Note: the VMrc plug-in for Firefox on Windows-based operating\n    systems is no longer compatible after the above remediation steps. \n    Users are advised to use the Internet Explorer VMrc plug-in. \n\n    VMware would like to thank Alexey Sintsov from Digital Security\n    Research Group for reporting this issue to us. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2009-3732 to this issue. \n\n\n g. Windows-based VMware authd remote denial of service\n\n    A vulnerability in vmware-authd could cause a denial of service\n    condition on Windows-based hosts.  The denial of service is limited\n    to a crash of authd. \n\n    The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n    has assigned the name CVE-2009-3707 to this issue. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    Workstation    7.0       Windows  7.0.1 build 227600 or later\n    Workstation    7.0       Linux    not affected\n    Workstation    6.5.x     Windows  6.5.4 build 246459 or later\n    Workstation    6.5.x     Linux    not affected\n\n    Player         3.0       Windows  3.0.1 build 227600 or later\n    Player         3.x       Linux    not affected\n    Player         2.5.x     Windows  2.5.4 build 246459 or later\n    Player         2.5.x     Linux    not affected\n\n    Ace            2.6       Windows  2.6.1 build 227600 or later\n    Ace            2.5.x     Windows  2.5.4 build 246459 or later\n\n    Server         2.x       Windows  not being addressed at this time\n    Server         2.x       Linux    not affected\n\n    Fusion         any       Mac OS/X not affected\n\n    ESXi           any       any      not affected\n\n    ESX            any       any      not affected\n\n h. Potential information leak via hosted networking stack\n\n    A vulnerability in the virtual networking stack of VMware hosted\n    products could allow host information disclosure. \n\n    A guest operating system could send memory from the host vmware-vmx\n    process to the virtual network adapter and potentially to the\n    host\u0027s physical Ethernet wire. \n\n    The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n    has assigned the name CVE-2010-1138 to this issue. \n\n    VMware would like to thank Johann MacDonagh for reporting this\n    issue to us. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    Workstation    7.0       any      7.0.1 build 227600 or later\n    Workstation    6.5.x     Windows  6.5.4 build 246459 or later\n    Workstation    6.5.x     Linux    not affected\n\n    Player         3.0       any      3.0.1 build 227600 or later\n    Player         2.5.x     Windows  2.5.4 build 246459 or later\n    Player         2.5.x     Linux    not affected\n\n    Ace            2.6       Windows  2.6.1 build 227600 or later\n    Ace            2.5.x     Windows  2.5.4 build 246459 or later\n\n    Server         2.x       any      not being fixed at this time\n\n    Fusion         3.0       Mac OS/X 3.0.1 build 232708 or later\n    Fusion         2.x       Mac OS/X 2.0.7 build 246742 or later\n\n    ESXi           any       any      not affected\n\n    ESX            any       any      not affected\n\n i. \n\n    The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n    has assigned the name CVE-2010-1139 to this issue. \n\n    VMware would like to thank Thomas Toth-Steiner for reporting this\n    issue to us. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. Solution\n\n   Please review the patch/release notes for your product and version\n   and verify the md5sum and/or the sha1sum of your downloaded file. \n\n   VMware Workstation Movie Decoder stand alone 6.5.4\n   --------------------------------------------------\n\nhttp://download3.vmware.com/software/wkst/VMware-moviedecoder-6.5.4-246459.exe\n   md5sum: ea2ac5907ae4c5c323147fe155443ab8\n   sha1sum: 5ca8d1fd45f6a7a6f38019b259c3e836ee4e8f29\n\n   VMware Workstation 7.0.1\n   ------------------------\n   For Windows\n\nhttp://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-WIN\n   Release notes:\n   http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html\n\n   Workstation for Windows 32-bit and 64-bit with VMware Tools\n   md5sum: fc8502a748de3b8f94c5c9571c1f17d2\n   sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206\n\n   Workstation for Windows 32-bit and 64-bit without VMware Tools\n   md5sum: 6a18ea3847cb727b03f7890f5643db79\n   sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984\n\n   For Linux\n   http://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-LX\n   Release notes:\n   http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html\n\n   Workstation for Linux 32-bit with VMware Tools\n   md5sum: a896f7aaedde8799f21b52b89f5fc9ef\n   sha1sum: f6d0789afa7927ca154973a071603a0bd098e697\n\n   Workstation for Linux 32-bit without VMware Tools\n   md5sum: 59ecd27bdf3f59be3b4df8f04d1b3874\n   sha1sum: 22e1a475069fca5e8d2446bf14661fa6d894d34f\n\n   Workstation for Linux 64-bit with VMware Tools\n   md5sum: 808682eaa6b202fa29172821f7378768\n   sha1sum: a901c45a2a02678b0d1722e8f27152c3af12a7ac\n\n   Workstation for Linux 64-bit without VMware Tools\n   md5sum: 5116e27e7b13a76693402577bd9fda58\n   sha1sum: dbcd045a889b95ac14828b8106631b678354e30a\n\n   VMware Workstation 6.5.4\n   ------------------------\n   For Windows\n\nhttp://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-WIN\n   Release Notes:\n   http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html\n\n   Workstation for Windows 32-bit and 64-bit\n   Windows 32-bit and 64-bit .exe\n   md5sum: 2dc393fcc4e78dcf2165098a4938699a\n   sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569\n\n   For Linux\n   http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-LX\n   Release Notes:\n   http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html\n\n   Workstation for Linux 32-bit\n   Linux 32-bit .rpm\n   md5sum: 9efb43a604d50e541eb3be7081b8b198\n   sha1sum: 4240d664f85a11f47288d2279224b26bef92aa8b\n\n   Workstation for Linux 32-bit\n   Linux 32-bit .bundle\n   md5sum: 38760682ad3b2f6bfb4e40f424c95c2a\n   sha1sum: ec78099322b5fb2a737cd74a1978a5c07382dc8a\n\n   Workstation for Linux 64-bit\n   Linux 64-bit .rpm\n   md5sum: 24311492bc515e9bc98eff9b2e7d33a2\n   sha1sum: b4947ef09f740440e8a24fc2ba05c0a7c11b82f5\n\n   Workstation for Linux 64-bit\n   Linux 64-bit .bundle\n   md5sum: ed24296705ad48442549d9cb2b3c0d8d\n   sha1sum: 3c0f1efae0a64fa3a41be21b0bfc962f12e0e6d8\n\n\n   VMware Player 3.0.1\n   -------------------\n   http://downloads.vmware.com/tryvmware/?p=player\u0026lp=default\n   Release notes:\nhttp://downloads.vmware.com/support/player30/doc/releasenotes_player301.html\n\n   Player for Windows 32-bit and 64-bit\n   md5sum: 78c92c0242c9540f68a629d4ac49c516\n   sha1sum: 7fc255fcd1a6784458012314db1206ed922e92cf\n\n   Player for Linux 32-bit (.bundle)\n   md5sum: e7cd19d39c7bbd1aee582743d76a7863\n   sha1sum: cff76010f0429576288ea1e5a594cd47a2c64f4a\n\n   Player for Linux 64-bit (.bundle)\n   md5sum: 88b08537c6eea705883dc1755b97738c\n   sha1sum: 84f25370d24c03a18968a4f4c8e06cef3d21c2df\n\n   VMware VIX API for Windows 32-bit and 64-bit\n   md5sum: 2c46fc7e2516f331eb4dd23154d00a54\n   sha1sum: 85ceb1b718806c6870e3a918bcc772d1486ccdc9\n\n   VMware VIX API for 32-bit Linux\n   md5sum: 8b0994a26363246b5e954f97bd5a088d\n   sha1sum: af93da138a158ee6e05780a5c4042414735987b6\n\n   VMware VIX API for 64-bit Linux\n   md5sum: ef7b9890c52b1e333f2357760a7fff85\n   sha1sum: dfef8531356de78171e13c4c108ebaeb43eaa62d\n\n   VMware Player 2.5.4\n   -------------------\n   http://downloads.vmware.com/download/player/player_reg.html\n   Release notes:\nhttp://downloads.vmware.com/support/player25/doc/releasenotes_player254.html\n\n   Player for Windows 32-bit and 64-bit (.exe)\n   md5sum: 531140a1eeed7d8b71f726b3d32a9174\n   sha1sum: 2500fa8af48452bd0e97040b80c569c3cb4f73e5\n\n   Player for Linux (.rpm)\n   md5sum: 1905f61af490f9760bef54450747e708\n   sha1sum: cf7444c0a6331439c5479a4158112a60eb0e6e8d\n\n   Player for Linux (.bundle)\n   md5sum: 74f539005687a4efce7971f7ef019af5\n   sha1sum: 4c4412c5807ecd00e66886e0e7c43ed61b62aab7\n\n   Player for Linux - 64-bit (.rpm)\n   md5sum: 013078d7f6adcdbcbaafbf5e0ae11a39\n   sha1sum: 7c434173a3fe446ebefce4803bfaa7ab67d1ff72\n\n   Player for Linux - 64-bit (.bundle)\n   md5sum: 175ce2f9656ff10a1327c0d48f80c65f\n   sha1sum: bf7acfdcb44bf345d58f79ad1bcb04816f262d22\n\n\n   VMware ACE 2.6.1\n   ----------------\nhttp://downloads.vmware.com/download/download.do?downloadGroup=ACE-261-WIN\n   Release notes:\n   http://downloads.vmware.com/support/ace26/doc/releasenotes_ace261.html\n\n   VMware Workstation for 32-bit and 64-bit Windows with tools\n   md5sum: fc8502a748de3b8f94c5c9571c1f17d2\n   sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206\n\n   VMware Workstation for Windows 32-bit and 64-bit without tools\n   md5sum: 6a18ea3847cb727b03f7890f5643db79\n   sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984\n\n   ACE Management Server Virtual Appliance\n   md5sum: e26d258c511572064e99774fbac9184c\n   sha1sum: 9363656b70caa11a31a6229451202d9f8203c1f5\n\n   ACE Management Server for Windows\n   md5sum: e970828f2a5a62ac108879033a70f4b6\n   sha1sum: eca89372eacc78c3130781d0d183715055d64798\n\n   ACE Management Server for SUSE Enterprise Linux 9\n   md5sum: 59b3ad5964daef2844e72fd1765590fc\n   sha1sum: 91048de7665f5dc466f06e2ebc4c08f08026a97f\n\n   ACE Management Server for Red Hat Enterprise Linux 4\n   md5sum: 6623f6a8a645402a1c8c351ec99a1889\n   sha1sum: a6d74ba072c5a513fcf8993edebaaf7f8225c05d\n\n   VMware ACE 2.5.4\n   ----------------\nhttp://downloads.vmware.com/download/download.do?downloadGroup=ACE-254-WIN\n   Release notes:\n   http://downloads.vmware.com/support/ace25/doc/releasenotes_ace254.html\n\n   VMware ACE for Windows 32-bit and 64-bit\n   Windows 32-bit and 64-bit .exe\n   md5sum: 2dc393fcc4e78dcf2165098a4938699a\n   sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569\n\n   ACE Management Server Virtual Appliance\n   AMS Virtual Appliance .zip\n   md5sum: 3935f23d4a074e7a3429a1c80cfd2155\n   sha1sum: 5b09439a9c840d39ae49fbd7a79732ecd58c52a3\n\n   ACE Management Server for Windows\n   Windows .exe\n   md5sum: 1173bd7da6ed330a262ed4e2eff6562c\n   sha1sum: d9bce88a350aa957f3387f870af763875d4d9110\n\n   ACE Management Server for SUSE Enterprise Linux 9\n   SLES 9 .rpm\n   md5sum: 0bec2cf8d6ae3bb6976c9d8cc2573208\n   sha1sum: f3c6d9ee3357535b1540cedd9e86d723e2ed2134\n\n   ACE Management Server for Red Hat Enterprise Linux 4\n   RHEL 4 .rpm\n   md5sum: 17caa522af79cf1f6b2ebad16a4ac8a5\n   sha1sum: cdd6e2a4e3d7ad89f95e60f1af024bea7eaba0fe\n\n\n   VMware Server 2.0.2\n   -------------------\n   http://www.vmware.com/download/server/\n   Release notes:\n  http://www.vmware.com/support/server2/doc/releasenotes_vmserver202.html\n\n   VMware Server 2\n   Version 2.0.2 | 203138   - 10/26/09\n   507 MB EXE image VMware Server 2 for Windows Operating Systems. A\n   master installer file containing all Windows components of VMware\n   Server. \n   Version 2.0.2 | 203138   - 10/26/09\n   37 MB TAR image\n   md5sum: 95ddea5a0579a35887bd15b083ffea20\n   sha1sum: 14cf12063a7480f240ccd96178ad4258cb26a747\n\n   VMware Server 2 for Linux Operating Systems 64-bit version. \n   Version 2.0.2 | 203138   - 10/26/09\n   452 MB RPM image\n   md5sum: 35c8b176601133749e4055e0034f8be6\n   sha1sum: e8dc842d89899df5cd3e1136af76f19ca5ccbece\n\n   The core application needed to run VMware Server 2, 64-bit version. \n\n   The same patch, ESXe350-200912402-T-BG, is also contained in\n   ESXe350-201002401-O-SG from February 2010 ESXi 3.5 security update. \n\n   In latest non-security ESXi 3.5 update, ESXe350-201003402-T-BG is also\n   included in ESXe350-201003401-O-BG from March 2010. \n\n\n   ESXe350-201002401-O-SG (latest security update)\n   http://download3.vmware.com/software/vi/ESXe350-201002401-O-SG.zip\n\n   md5sum: 0c8d4d1c0e3c2aed9f785cf081225d83\n\n   http://kb.vmware.com/kb/1015047 (Vi Client)\n\n   http://kb.vmware.com/kb/1016665 (VM Tools)\n\n   http://kb.vmware.com/kb/1017685 (Firmware)\n\n\n\n   The three ESXi patches for Firmware \"I\", VMware Tools \"T,\" and the\n   VI Client \"C\" are contained in a single offline \"O\" download file. \n\n\n   ESX\n   ---\n   ESX 4.0 bulletin ESX400-201002401-BG\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732240/ESX400-201002001.zip\n   md5sum: de62cbccaffa4b2b6831617f18c1ccb4\n   sha1sum: 4083f191fa4acd6600c9a87e4852f9f5700e91ab\n   http://kb.vmware.com/kb/1018403\n\n   Note: ESX400-201002001 contains the bundle with the security fix,\n         ESX400-201002401-BG\n   To install an individual bulletin use esxupdate with the -b option. \n   esxupdate --bundle ESX400-201002001 -b ESX400-201002401-BG\n\n   ESX 4.0 bulletin ESX400-200911223-UG\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-166-20091202-254879/ESX-4.0.0-update01a.zip\n   md5sum: 99c1fcafbf0ca105ce73840d686e9914\n   sha1sum: aa8a23416271bc28b6b8f6bdbe00045e36314ebb\n   http://kb.vmware.com/kb/1014842\n\n   Note: ESX-4.0.0-update01a contains the bundle with the security fix,\n         ESX400-200911223-UG\n   To install an individual bulletin use esxupdate with the -b option. \n   esxupdate --bundle ESX-4.0.0-update01a -b ESX400-200911223-UG\n\n   ESX 3.5 patch ESX350-200912401-BG\n   http://download3.vmware.com/software/vi/ESX350-200912401-BG.zip\n   md5sum: f1d3589745b4ae933554785aef22bacc\n   sha1sum: d1e5a9209b165d43d75f076e556fc028bec4cc47\n   http://kb.vmware.com/kb/1016657\n\n   ESX 3.0.3 patch ESX303-201002203-UG\n   http://download3.vmware.com/software/vi/ESX303-201002203-UG.zip\n   md5sum: 49ee56b687707cbe6999836c315f081a\n   http://kb.vmware.com/kb/1018030\n\n   ESX 2.5.5 Upgrade Patch 15\n http://download3.vmware.com/software/esx/esx-2.5.5-191611-upgrade.tar.gz\n   md5sum: c346fe510b6e51145570e03083f77357\n   sha1sum: ef6b19247825fb3fe2c55f8fda3cdd05ac7bb1f4\n   http://www.vmware.com/support/esx25/doc/esx-255-200910-patch.html\n\n\n5. References\n   http://www.acrossecurity.com/advisories.htm\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1564\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1565\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3707\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3732\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1138\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1139\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1140\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1142\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1141\n\n6. Change log\n2010-04-09  VMSA-2010-0007\nInitial security advisory after release of Workstation 6.5.4 and Fusion\n2.0.7 on 2010-04-08. \n\n- ------------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce at lists.vmware.com\n  * bugtraq at securityfocus.com\n  * full-disclosure at lists.grok.org.uk\n\nE-mail:  security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2010 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (MingW32)\n\niD8DBQFLvvM8S2KysvBH1xkRAgu/AJ9RrzlOq/5Ug0t8R4qoi/UwDVJDpACbBGgT\nd58bjKG6Ic7m/TsoJP4M2tw=\n=Q1zv\n-----END PGP SIGNATURE-----\n. \n\nFor more information see vulnerabilities #3 through #7 in:\nSA39206\n\nSOLUTION:\nRestrict local access to trusted users only. Do not open untrusted\nimages or video files. \n\nBackground\n==========\n\nVMware Player, Server, and Workstation allow emulation of a complete PC\non a PC without the usual performance overhead of most emulators. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  app-emulation/vmware-player\n                              \u003c= 2.5.5.328052              Vulnerable!\n  2  app-emulation/vmware-workstation\n                              \u003c= 6.5.5.328052              Vulnerable!\n  3  app-emulation/vmware-server\n                              \u003c= 1.0.9.156507              Vulnerable!\n    -------------------------------------------------------------------\n     NOTE: Certain packages are still vulnerable. Users should migrate\n           to another package if one is available or wait for the\n           existing packages to be marked stable by their\n           architecture maintainers. Please review the CVE identifiers referenced below for\ndetails. \n\nA remote attacker could entice a user to open a specially crafted file,\npossibly resulting in the remote execution of arbitrary code, or a\nDenial of Service. Remote attackers also may be able to spoof DNS\ntraffic, read arbitrary files, or inject arbitrary web script to the\nVMware Server Console. \n\nFurthermore, guest OS users may be able to execute arbitrary code on\nthe host OS, gain escalated privileges on the guest OS, or cause a\nDenial of Service (crash the host OS). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. We recommend that users\nunmerge VMware Server:\n\n  # emerge --unmerge \"app-emulation/vmware-server\"\n\nReferences\n==========\n\n[  1 ] CVE-2007-5269\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269\n[  2 ] CVE-2007-5503\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503\n[  3 ] CVE-2007-5671\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5671\n[  4 ] CVE-2008-0967\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0967\n[  5 ] CVE-2008-1340\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340\n[  6 ] CVE-2008-1361\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361\n[  7 ] CVE-2008-1362\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362\n[  8 ] CVE-2008-1363\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363\n[  9 ] CVE-2008-1364\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364\n[ 10 ] CVE-2008-1392\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392\n[ 11 ] CVE-2008-1447\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447\n[ 12 ] CVE-2008-1806\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1806\n[ 13 ] CVE-2008-1807\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1807\n[ 14 ] CVE-2008-1808\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1808\n[ 15 ] CVE-2008-2098\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2098\n[ 16 ] CVE-2008-2100\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2100\n[ 17 ] CVE-2008-2101\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2101\n[ 18 ] CVE-2008-4915\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4915\n[ 19 ] CVE-2008-4916\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4916\n[ 20 ] CVE-2008-4917\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4917\n[ 21 ] CVE-2009-0040\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040\n[ 22 ] CVE-2009-0909\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0909\n[ 23 ] CVE-2009-0910\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0910\n[ 24 ] CVE-2009-1244\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1244\n[ 25 ] CVE-2009-2267\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2267\n[ 26 ] CVE-2009-3707\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3707\n[ 27 ] CVE-2009-3732\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3732\n[ 28 ] CVE-2009-3733\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3733\n[ 29 ] CVE-2009-4811\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4811\n[ 30 ] CVE-2010-1137\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1137\n[ 31 ] CVE-2010-1138\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1138\n[ 32 ] CVE-2010-1139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1139\n[ 33 ] CVE-2010-1140\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1140\n[ 34 ] CVE-2010-1141\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1141\n[ 35 ] CVE-2010-1142\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1142\n[ 36 ] CVE-2010-1143\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1143\n[ 37 ] CVE-2011-3868\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3868\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201209-25.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\n\n  Secunia CSI\n+ Microsoft SCCM\n-----------------------\n= Extensive Patch Management\n\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nVMware Products Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA39206\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/39206/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in multiple VMware products,\nwhich can be exploited by malicious, local users to disclose\nsensitive information or gain escalated privileges, and by malicious\npeople to disclose sensitive information, cause a DoS (Denial of\nService), or potentially compromise a user\u0027s system. \n\nNOTE: This vulnerability cannot be exploited without administrative\nprivileges on recent Windows versions (e.g. Windows XP and Windows\nVista). \n\n3) An error in libpng can be exploited to disclose uninitialised\nmemory via a specially crafted image. \n\nFor more information:\nSA35346\n\n4) A boundary error and two integer truncation errors in the VMnc\ncodec can be exploited to potentially execute arbitrary code. \n\nFor more information:\nSA36712\n\n5) An error in the VMware Authorization Service (\"vmware-authd\") can\nbe exploited to cause a crash. \n\nFor more information:\nSA39201\n\nSOLUTION:\nUpdate to a fixed version. \n\nPROVIDED AND/OR DISCOVERED BY:\n4) Alin Rad Pop, Secunia Research\n\nThe vendor also credits:\n1) Jure Skofic and Mitja Kolsek of ACROS Security\n2) Thierry Zoller\n4) iDefense and Sebastien Renaud of Vupen\n6) Johann MacDonagh\n7) Thomas Toth-Steiner\n\nORIGINAL ADVISORY:\nVMware (VMSA-2010-0007):\nhttp://lists.vmware.com/pipermail/security-announce/2010/000090.html\n\nSecunia Research:\nhttp://secunia.com/secunia_research/2009-36/\nhttp://secunia.com/secunia_research/2009-37/\n\nOTHER REFERENCES:\nSA35346:\nhttp://secunia.com/advisories/35346/\n\nSA36712:\nhttp://secunia.com/advisories/36712/\n\nSA36988:\nhttp://secunia.com/advisories/36988/\n\nSA39198:\nhttp://secunia.com/advisories/39198/\n\nSA39201:\nhttp://secunia.com/advisories/39201/\n\nSA39203:\nhttp://secunia.com/advisories/39203/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-1139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001367"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0571"
      },
      {
        "db": "BID",
        "id": "39407"
      },
      {
        "db": "IVD",
        "id": "7d7d04e1-463f-11e9-941d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "46d0bbe4-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1139"
      },
      {
        "db": "PACKETSTORM",
        "id": "88508"
      },
      {
        "db": "PACKETSTORM",
        "id": "88215"
      },
      {
        "db": "PACKETSTORM",
        "id": "88234"
      },
      {
        "db": "PACKETSTORM",
        "id": "117012"
      },
      {
        "db": "PACKETSTORM",
        "id": "88233"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-1139",
        "trust": 4.0
      },
      {
        "db": "SECUNIA",
        "id": "39201",
        "trust": 3.2
      },
      {
        "db": "SECUNIA",
        "id": "39206",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "39215",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "39407",
        "trust": 2.2
      },
      {
        "db": "OSVDB",
        "id": "63606",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1023835",
        "trust": 1.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0571",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-158",
        "trust": 1.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0852",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001367",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "14789",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "14788\u203b14789",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "14788",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20100409 VMSA-2010-0007 VMWARE HOSTED PRODUCTS, VCENTER SERVER AND ESX PATCHES RESOLVE MULTIPLE SECURITY ISSUES",
        "trust": 0.6
      },
      {
        "db": "MLIST",
        "id": "[SECURITY-ANNOUNCE] 20100409 VMSA-2010-0007 VMWARE HOSTED PRODUCTS, VCENTER SERVER AND ESX PATCHES RESOLVE MULTIPLE SECURITY ISSUES",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20100409 VMSA-2010-0007 VMWARE HOSTED PRODUCTS, VCENTER SERVER AND ESX PATCHES RESOLVE MULTIPLE SECURITY ISSUES",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "7D7D04E1-463F-11E9-941D-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "46D0BBE4-2356-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1139",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88508",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88215",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88234",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "117012",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88233",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d04e1-463f-11e9-941d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "46d0bbe4-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0571"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1139"
      },
      {
        "db": "BID",
        "id": "39407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001367"
      },
      {
        "db": "PACKETSTORM",
        "id": "88508"
      },
      {
        "db": "PACKETSTORM",
        "id": "88215"
      },
      {
        "db": "PACKETSTORM",
        "id": "88234"
      },
      {
        "db": "PACKETSTORM",
        "id": "117012"
      },
      {
        "db": "PACKETSTORM",
        "id": "88233"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-158"
      }
    ]
  },
  "id": "VAR-201004-0982",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d04e1-463f-11e9-941d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "46d0bbe4-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0571"
      }
    ],
    "trust": 0.1
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d04e1-463f-11e9-941d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "46d0bbe4-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0571"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:43:21.639000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "VMSA-2010-0007",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2010-0007.html"
      },
      {
        "title": "VMSA-2010-0007: Multiple Security Patches for vCenter Server and ESX",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/158"
      },
      {
        "title": "VMware Security Advisories: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=9a156b22cf9a31c993f6585b6881d5a5"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0571"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001367"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-134",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001367"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1139"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://secunia.com/advisories/39201"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/39206"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/39215"
      },
      {
        "trust": 2.0,
        "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.securityfocus.com/bid/39407"
      },
      {
        "trust": 1.9,
        "url": "http://www.securitytracker.com/id?1023835"
      },
      {
        "trust": 1.9,
        "url": "http://osvdb.org/63606"
      },
      {
        "trust": 1.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2010-0007.html"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
      },
      {
        "trust": 1.2,
        "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1139"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1139"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2010/0852"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/14788\u203b14789"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/39201/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3732"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3707"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/39206/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/134.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1015047"
      },
      {
        "trust": 0.1,
        "url": "http://download3.vmware.com/software/wkst/vmware-moviedecoder-6.5.4-246459.exe"
      },
      {
        "trust": 0.1,
        "url": "http://download3.vmware.com/software/esx/esx-2.5.5-191611-upgrade.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1016665"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/esx25/doc/esx-255-200910-patch.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3707"
      },
      {
        "trust": 0.1,
        "url": "https://hostupdate.vmware.com/software/vum/offline/release-192-20100228-732240/esx400-201002001.zip"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1018404"
      },
      {
        "trust": 0.1,
        "url": "http://download3.vmware.com/software/vi/esx303-201002203-ug.zip"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/lifecycle/vi/faq.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/download/download.do?downloadgroup=fus-302"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/download/download.do?downloadgroup=ace-254-win"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1140"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1140"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2042"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_302.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1141"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/tryvmware/?p=player\u0026lp=default"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1016657"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1565"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/download/download.do?downloadgroup=wkst-701-lx"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "https://hostupdate.vmware.com/software/vum/offline/release-193-20100228-731251/esxi400-201002001.zip"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/player30/doc/releasenotes_player301.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1142"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1142"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/download/download.do?downloadgroup=fus-207"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1017685"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/download/player/player_reg.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/fusion2/doc/releasenotes_fusion_207.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/ace26/doc/releasenotes_ace261.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1139"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/server2/doc/releasenotes_vmserver202.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1018030"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2042"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3732"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/player25/doc/releasenotes_player254.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/download/download.do?downloadgroup=ace-261-win"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1565"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/download/server/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1138"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/download/download.do?downloadgroup=wkst-654-win"
      },
      {
        "trust": 0.1,
        "url": "http://www.vupen.com)"
      },
      {
        "trust": 0.1,
        "url": "http://download3.vmware.com/software/vi/esx350-200912401-bg.zip"
      },
      {
        "trust": 0.1,
        "url": "http://tinyurl.com/27mpjo"
      },
      {
        "trust": 0.1,
        "url": "http://www.acrossecurity.com)"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/download/download.do?downloadgroup=wkst-701-win"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1014842"
      },
      {
        "trust": 0.1,
        "url": "https://hostupdate.vmware.com/software/vum/offline/release-166-20091202-254879/esx-4.0.0-update01a.zip"
      },
      {
        "trust": 0.1,
        "url": "http://www.acrossecurity.com/advisories.htm"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1138"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1564"
      },
      {
        "trust": 0.1,
        "url": "http://download3.vmware.com/software/vi/esxe350-201002401-o-sg.zip"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/ace25/doc/releasenotes_ace254.html"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/download/download.do?downloadgroup=wkst-654-lx"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1564"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1018403"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/39215/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0909"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4915"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3868"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3732"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1142"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4917"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2098"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4916"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1140"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1447"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2267"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0910"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1137"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1138"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1447"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1361"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1139"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1143"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2098"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1807"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2100"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4916"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1244"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1808"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1807"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1392"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2101"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1806"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0909"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2267"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3707"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2101"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4917"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2100"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5503"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0967"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5671"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1806"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5503"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4811"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0910"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1392"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1244"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0967"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/36988/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/36712/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/2009-36/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_research/2009-37/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/39203/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/39198/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35346/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0571"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1139"
      },
      {
        "db": "BID",
        "id": "39407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001367"
      },
      {
        "db": "PACKETSTORM",
        "id": "88508"
      },
      {
        "db": "PACKETSTORM",
        "id": "88215"
      },
      {
        "db": "PACKETSTORM",
        "id": "88234"
      },
      {
        "db": "PACKETSTORM",
        "id": "117012"
      },
      {
        "db": "PACKETSTORM",
        "id": "88233"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-158"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d7d04e1-463f-11e9-941d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "46d0bbe4-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0571"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-1139"
      },
      {
        "db": "BID",
        "id": "39407"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001367"
      },
      {
        "db": "PACKETSTORM",
        "id": "88508"
      },
      {
        "db": "PACKETSTORM",
        "id": "88215"
      },
      {
        "db": "PACKETSTORM",
        "id": "88234"
      },
      {
        "db": "PACKETSTORM",
        "id": "117012"
      },
      {
        "db": "PACKETSTORM",
        "id": "88233"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-1139"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-158"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-04-13T00:00:00",
        "db": "IVD",
        "id": "7d7d04e1-463f-11e9-941d-000c29342cb1"
      },
      {
        "date": "2010-04-13T00:00:00",
        "db": "IVD",
        "id": "46d0bbe4-2356-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2010-04-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-0571"
      },
      {
        "date": "2010-04-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-1139"
      },
      {
        "date": "2010-04-09T00:00:00",
        "db": "BID",
        "id": "39407"
      },
      {
        "date": "2010-05-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001367"
      },
      {
        "date": "2010-04-16T05:45:28",
        "db": "PACKETSTORM",
        "id": "88508"
      },
      {
        "date": "2010-04-10T03:16:16",
        "db": "PACKETSTORM",
        "id": "88215"
      },
      {
        "date": "2010-04-12T12:34:16",
        "db": "PACKETSTORM",
        "id": "88234"
      },
      {
        "date": "2012-09-30T16:40:15",
        "db": "PACKETSTORM",
        "id": "117012"
      },
      {
        "date": "2010-04-12T12:34:14",
        "db": "PACKETSTORM",
        "id": "88233"
      },
      {
        "date": "2010-04-12T18:30:00.587000",
        "db": "NVD",
        "id": "CVE-2010-1139"
      },
      {
        "date": "2010-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201004-158"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-04-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-0571"
      },
      {
        "date": "2013-05-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-1139"
      },
      {
        "date": "2012-10-01T19:10:00",
        "db": "BID",
        "id": "39407"
      },
      {
        "date": "2010-05-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001367"
      },
      {
        "date": "2013-05-15T03:07:56.200000",
        "db": "NVD",
        "id": "CVE-2010-1139"
      },
      {
        "date": "2010-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201004-158"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "39407"
      },
      {
        "db": "PACKETSTORM",
        "id": "88508"
      },
      {
        "db": "PACKETSTORM",
        "id": "88234"
      },
      {
        "db": "PACKETSTORM",
        "id": "88233"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-158"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VMWare VIX API vmrun Tool Format String Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d04e1-463f-11e9-941d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "46d0bbe4-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0571"
      }
    ],
    "trust": 1.0
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Format string",
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d04e1-463f-11e9-941d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "46d0bbe4-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201004-158"
      }
    ],
    "trust": 1.0
  }
}

ghsa-3jcj-m65j-r72c

Vulnerability from github

Published

2022-05-02 06:19

Modified

2022-05-02 06:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-1139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-134"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-04-12T18:30:00Z",
    "severity": "HIGH"
  },
  "details": "Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.",
  "id": "GHSA-3jcj-m65j-r72c",
  "modified": "2022-05-02T06:19:17Z",
  "published": "2022-05-02T06:19:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1139"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/63606"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39201"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39206"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39215"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/39407"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023835"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2010-1139

Vulnerability from fkie_nvd

Published

2010-04-12 18:30

Modified

2024-11-21 01:13

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
cve@mitre.org	http://lists.vmware.com/pipermail/security-announce/2010/000090.html	Patch, Vendor Advisory
cve@mitre.org	http://osvdb.org/63606
cve@mitre.org	http://secunia.com/advisories/39201	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/39206	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/39215	Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-201209-25.xml
cve@mitre.org	http://www.securityfocus.com/bid/39407
cve@mitre.org	http://www.securitytracker.com/id?1023835
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2010-0007.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2010/000090.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/63606
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39201	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39206	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39215	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201209-25.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/39407
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023835
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2010-0007.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
vmware	workstation	6.5.0
vmware	workstation	6.5.1
vmware	workstation	6.5.2
vmware	workstation	6.5.3
vmware	player	2.5
vmware	player	2.5.1
vmware	player	2.5.2
vmware	player	2.5.3
linux	linux_kernel	*
vmware	server	2.0.0
vmware	server	2.0.1
vmware	server	2.0.2
linux	linux_kernel	*
vmware	fusion	2.0
vmware	fusion	2.0.1
vmware	fusion	2.0.2
vmware	fusion	2.0.3
vmware	fusion	2.0.4
vmware	fusion	2.0.5
vmware	fusion	2.0.6
vmware	vix_api	1.6.0
vmware	vix_api	1.6.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1D0DF91-17E8-45D4-B625-737FE50C23CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C47EB8-8844-4D49-9246-008F7AE45C60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:vix_api:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9FDEEE1-BC47-4EE6-A56B-C7626D554019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vix_api:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98918409-9F58-4FBC-B5C1-4015B5E3C0FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de formato de cadena en vmrun en VMware VIX API v1.6.x, VMware Workstation v6.5.x antes de v6.5.4 build 246459, VMware Player v2.5.x antes de v2.5.4 build 246.459, y VMware Server v2.x en Linux y VMware Fusion v2.x antes de v2.0.7 build 246.742, permite a usuarios locales conseguir privilegios a trav\u00e9s de especificadores de formato de cadenas en los metadatos de proceso."
    }
  ],
  "id": "CVE-2010-1139",
  "lastModified": "2024-11-21T01:13:44.077",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-12T18:30:00.587",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/63606"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39201"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39206"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39215"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/39407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1023835"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/63606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/39407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2010-1139

Vulnerability from cvelistv5

gsd-2010-1139

Vulnerability from gsd

var-201004-0982

Vulnerability from variot

Background

Affected packages

Workaround

References

Availability

Concerns?

License

ghsa-3jcj-m65j-r72c

Vulnerability from github

fkie_cve-2010-1139

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature