CVE-2010-4296
First published: Mon Dec 06 2010(Updated: )
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Workstation and ESXi | =7.0 | |
| VMware Workstation and ESXi | =7.0.1 | |
| VMware Workstation and ESXi | =7.1 | |
| VMware Workstation and ESXi | =7.1.1 | |
| VMware Workstation and ESXi | =7.1.2 | |
| Linux Kernel | ||
| VMware Player | =3.1 | |
| VMware Player | =3.1.1 | |
| VMware Player | =3.1.2 | |
| VMware Server | =2.0.2 | |
| VMware Fusion | =3.1 | |
| VMware Fusion | =3.1.1 | |
| VMware Fusion | =3.1.2 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.vmware.com/pipermail/security-announce/2010/000112.html
- http://www.vmware.com/security/advisories/VMSA-2010-0018.html
- http://secunia.com/advisories/42482
- http://www.securitytracker.com/id?1024820
- http://www.vupen.com/english/advisories/2010/3116
- http://secunia.com/advisories/42453
- http://www.securitytracker.com/id?1024819
- http://www.securityfocus.com/bid/45168
- http://osvdb.org/69584
- http://www.securityfocus.com/archive/1/514995/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-4296?
CVE-2010-4296 has a moderate severity rating due to its potential to escalate privileges for host OS users.
How do I fix CVE-2010-4296?
To fix CVE-2010-4296, upgrade VMware Workstation to version 7.1.2 or higher, VMware Player to version 3.1.2 or higher, VMware Server to version 2.0.2 or higher, or VMware Fusion to version 3.1.2 or higher.
Which VMware products are affected by CVE-2010-4296?
CVE-2010-4296 affects VMware Workstation versions 7.0 to 7.1.1, VMware Player versions 3.1 to 3.1.1, VMware Server 2.0.2, and VMware Fusion versions 3.1 to 3.1.1.
What platforms are impacted by CVE-2010-4296?
CVE-2010-4296 impacts VMware software running on Linux platforms.
Can CVE-2010-4296 be exploited remotely?
CVE-2010-4296 cannot be exploited remotely as it requires local access to the host operating system.
- collector/nvd-historical
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware workstation and esxi
- version/vmware workstation and esxi/7.0
- version/vmware workstation and esxi/7.0.1
- version/vmware workstation and esxi/7.1
- version/vmware workstation and esxi/7.1.1
- version/vmware workstation and esxi/7.1.2
- vendor/linux
- canonical/linux kernel
- canonical/vmware player
- version/vmware player/3.1
- version/vmware player/3.1.1
- version/vmware player/3.1.2
- canonical/vmware server
- version/vmware server/2.0.2
- canonical/vmware fusion
- version/vmware fusion/3.1
- version/vmware fusion/3.1.1
- version/vmware fusion/3.1.2
- vendor/apple
- canonical/apple ios and macos