CVE-2010-4295

Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.
References
Link Resource
http://lists.vmware.com/pipermail/security-announce/2010/000112.html Mailing List Vendor Advisory
http://osvdb.org/69585 Broken Link
http://secunia.com/advisories/42453 Broken Link Vendor Advisory
http://secunia.com/advisories/42482 Broken Link Vendor Advisory
http://www.securityfocus.com/archive/1/514995/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/45167 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024819 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024820 Broken Link Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2010-0018.html Vendor Advisory
http://www.vupen.com/english/advisories/2010/3116 Broken Link Vendor Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000112.html Mailing List Vendor Advisory
http://osvdb.org/69585 Broken Link
http://secunia.com/advisories/42453 Broken Link Vendor Advisory
http://secunia.com/advisories/42482 Broken Link Vendor Advisory
http://www.securityfocus.com/archive/1/514995/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/45167 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024819 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024820 Broken Link Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2010-0018.html Vendor Advisory
http://www.vupen.com/english/advisories/2010/3116 Broken Link Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:20

Type Values Removed Values Added
References () http://lists.vmware.com/pipermail/security-announce/2010/000112.html - Mailing List, Vendor Advisory () http://lists.vmware.com/pipermail/security-announce/2010/000112.html - Mailing List, Vendor Advisory
References () http://osvdb.org/69585 - Broken Link () http://osvdb.org/69585 - Broken Link
References () http://secunia.com/advisories/42453 - Broken Link, Vendor Advisory () http://secunia.com/advisories/42453 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/42482 - Broken Link, Vendor Advisory () http://secunia.com/advisories/42482 - Broken Link, Vendor Advisory
References () http://www.securityfocus.com/archive/1/514995/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/514995/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/45167 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/45167 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1024819 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1024819 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1024820 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1024820 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vmware.com/security/advisories/VMSA-2010-0018.html - Vendor Advisory () http://www.vmware.com/security/advisories/VMSA-2010-0018.html - Vendor Advisory
References () http://www.vupen.com/english/advisories/2010/3116 - Broken Link, Vendor Advisory () http://www.vupen.com/english/advisories/2010/3116 - Broken Link, Vendor Advisory

14 Dec 2022, 16:51

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
References (SECUNIA) http://secunia.com/advisories/42482 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/42482 - Broken Link, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/45167 - (BID) http://www.securityfocus.com/bid/45167 - Broken Link, Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id?1024820 - (SECTRACK) http://www.securitytracker.com/id?1024820 - Broken Link, Third Party Advisory, VDB Entry
References (MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000112.html - (MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000112.html - Mailing List, Vendor Advisory
References (SECTRACK) http://www.securitytracker.com/id?1024819 - (SECTRACK) http://www.securitytracker.com/id?1024819 - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/42453 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/42453 - Broken Link, Vendor Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/514995/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/514995/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (VUPEN) http://www.vupen.com/english/advisories/2010/3116 - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2010/3116 - Broken Link, Vendor Advisory
References (OSVDB) http://osvdb.org/69585 - (OSVDB) http://osvdb.org/69585 - Broken Link

Information

Published : 2010-12-06 21:05

Updated : 2024-11-21 01:20


NVD link : CVE-2010-4295

Mitre link : CVE-2010-4295

CVE.ORG link : CVE-2010-4295


JSON object : View

Products Affected

vmware

  • workstation
  • server
  • player
  • fusion

apple

  • mac_os_x

linux

  • linux_kernel
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')