Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote ESXi is missing one or more security related Updates from VMSA-2010-0018.
Insight
Insight
VMware hosted products and ESX patches resolve multiple security issues: a. VMware Workstation, Player and Fusion vmware-mount race condition The way temporary files are handled by the mounting process could result in a race condition. This issue could allow a local user on the host to elevate their privileges. VMware Workstation and Player running on Microsoft Windows are not affected. b. VMware Workstation, Player and Fusion vmware-mount privilege escalation vmware-mount which is a suid binary has a flaw in the way libraries are loaded. This issue could allow local users on the host to execute arbitrary shared object files with root privileges. VMware Workstation and Player running on Microsoft Windows are not affected. c. OS Command Injection in VMware Tools update A vulnerability in the input validation of VMware Tools update allows for injection of commands. d. VMware VMnc Codec frame decompression remote code execution The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player and VMware ACE, in any compatible media player. The movie decoder is installed as part of VMware Workstation, VMware Player and VMware ACE, or can be downloaded as a stand alone package. A function in the decoder frame decompression routine implicitly trusts a size value.
Affected Software
Affected Software
VMware Workstation 7.1.1 and earlier, VMware Workstation 6.5.4 and earlier, VMware Player 3.1.1 and earlier, VMware Player 2.5.4 and earlier, VMware Fusion 3.1.1 and earlier, ESXi 4.1 without patch ESXi410-201010402-BG or later ESXi 4.0 without patch ESXi400-201009402-BG or later ESXi 3.5 without patch ESXe350-201008402-T-BG or later ESX 4.1 without patch ESX410-201010405-BG ESX 4.0 without patch ESX400-201009401-SG ESX 3.5 without patch ESX350-201008409-BG
Solution
Solution
Apply the missing patch(es).