CVE-2010-1139
First published: Mon Apr 12 2010(Updated: )
Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Workstation and ESXi | =6.5.1 | |
| VMware Workstation and ESXi | =6.5.0 | |
| VMware Workstation and ESXi | =6.5.2 | |
| VMware Workstation and ESXi | =6.5.3 | |
| VMware Fusion | =2.0.1 | |
| VMware Fusion | =2.0.2 | |
| VMware Fusion | =2.0.5 | |
| VMware Fusion | =2.0 | |
| VMware Fusion | =2.0.4 | |
| VMware Fusion | =2.0.6 | |
| VMware Fusion | =2.0.3 | |
| VMware Vix | =1.6.1 | |
| VMware Vix | =1.6.0 | |
| VMware Player | =2.5 | |
| VMware Player | =2.5.1 | |
| VMware Player | =2.5.2 | |
| VMware Player | =2.5.3 | |
| Linux Kernel | ||
| VMware Server | =2.0.0 | |
| VMware Server | =2.0.1 | |
| VMware Server | =2.0.2 | |
| All of | ||
| Any of | ||
| VMware Player | =2.5 | |
| VMware Player | =2.5.1 | |
| VMware Player | =2.5.2 | |
| Any of | ||
| VMware Player | =2.5.3 | |
| Linux Kernel | ||
| All of | ||
| Any of | ||
| VMware Server | =2.0.0 | |
| VMware Server | =2.0.1 | |
| VMware Server | =2.0.2 | |
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/39206
- http://secunia.com/advisories/39215
- http://secunia.com/advisories/39201
- http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
- http://lists.vmware.com/pipermail/security-announce/2010/000090.html
- http://www.vmware.com/security/advisories/VMSA-2010-0007.html
- http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
- http://www.securityfocus.com/bid/39407
- http://www.securitytracker.com/id?1023835
- http://osvdb.org/63606
- http://security.gentoo.org/glsa/glsa-201209-25.xml
Frequently Asked Questions
What is the severity of CVE-2010-1139?
The severity of CVE-2010-1139 is considered high due to its potential to allow local users to gain elevated privileges.
How do I fix CVE-2010-1139?
To mitigate CVE-2010-1139, users should upgrade to the latest versions of VMware products that have addressed this vulnerability.
What products are affected by CVE-2010-1139?
CVE-2010-1139 affects VMware VIX API 1.6.x, VMware Workstation versions prior to 6.5.4, VMware Player versions prior to 2.5.4, VMware Server 2.x, and VMware Fusion versions prior to 2.0.7.
What type of vulnerability is CVE-2010-1139?
CVE-2010-1139 is a format string vulnerability, which can be exploited to execute arbitrary code.
Who can exploit CVE-2010-1139?
CVE-2010-1139 can be exploited by local users who have access to the vulnerable VMware applications.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/first-publish-date
- agent/description
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/event
- vendor/vmware
- canonical/vmware workstation and esxi
- version/vmware workstation and esxi/6.5.1
- version/vmware workstation and esxi/6.5.0
- version/vmware workstation and esxi/6.5.2
- version/vmware workstation and esxi/6.5.3
- canonical/vmware fusion
- version/vmware fusion/2.0.1
- version/vmware fusion/2.0.2
- version/vmware fusion/2.0.5
- version/vmware fusion/2.0
- version/vmware fusion/2.0.4
- version/vmware fusion/2.0.6
- version/vmware fusion/2.0.3
- canonical/vmware vix
- version/vmware vix/1.6.1
- version/vmware vix/1.6.0
- canonical/vmware player
- version/vmware player/2.5
- version/vmware player/2.5.1
- version/vmware player/2.5.2
- version/vmware player/2.5.3
- vendor/linux
- canonical/linux kernel
- canonical/vmware server
- version/vmware server/2.0.0
- version/vmware server/2.0.1
- version/vmware server/2.0.2