CVE-2010-4295: Race Condition
First published: Mon Dec 06 2010(Updated: )
Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Workstation | =7.0 | |
| VMware Workstation | =7.0.1 | |
| VMware Workstation | =7.1 | |
| VMware Workstation | =7.1.1 | |
| VMware Workstation | =7.1.2 | |
| Linux kernel | ||
| VMware Player | =3.1 | |
| VMware Player | =3.1.1 | |
| VMware Player | =3.1.2 | |
| VMware Server | =2.0.2 | |
| VMware Fusion Pro | =3.1 | |
| VMware Fusion Pro | =3.1.1 | |
| VMware Fusion Pro | =3.1.2 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.vmware.com/pipermail/security-announce/2010/000112.html
- http://www.vmware.com/security/advisories/VMSA-2010-0018.html
- http://secunia.com/advisories/42453
- http://www.securitytracker.com/id?1024820
- http://osvdb.org/69585
- http://www.vupen.com/english/advisories/2010/3116
- http://secunia.com/advisories/42482
- http://www.securitytracker.com/id?1024819
- http://www.securityfocus.com/bid/45167
- http://www.securityfocus.com/archive/1/514995/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-4295?
CVE-2010-4295 is classified as a high-severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2010-4295?
To fix CVE-2010-4295, upgrade to VMware Workstation version 7.1.2 or later, VMware Player version 3.1.2 or later, VMware Server version 2.0.2, or VMware Fusion version 3.1.2 or later.
Which VMware products are affected by CVE-2010-4295?
CVE-2010-4295 affects VMware Workstation 7.x before 7.1.2, VMware Player 3.1.x before 3.1.2, VMware Server 2.0.2, and VMware Fusion 3.1.x before 3.1.2.
What type of vulnerability is CVE-2010-4295?
CVE-2010-4295 is a race condition vulnerability that occurs during the mounting process in VMware software.
Can CVE-2010-4295 be exploited remotely?
CVE-2010-4295 requires local access to the host operating system, making it a local privilege escalation vulnerability rather than a remote exploitation risk.
- collector/nvd-historical
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware workstation
- version/vmware workstation/7.0
- version/vmware workstation/7.0.1
- version/vmware workstation/7.1
- version/vmware workstation/7.1.1
- version/vmware workstation/7.1.2
- vendor/linux
- canonical/linux kernel
- canonical/vmware player
- version/vmware player/3.1
- version/vmware player/3.1.1
- version/vmware player/3.1.2
- canonical/vmware server
- version/vmware server/2.0.2
- canonical/vmware fusion pro
- version/vmware fusion pro/3.1
- version/vmware fusion pro/3.1.1
- version/vmware fusion pro/3.1.2
- vendor/apple
- canonical/apple ios and macos