CVE-2011-1787: Race Condition
First published: Mon Jun 06 2011(Updated: )
Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Workstation and ESXi | =7.1.1 | |
| VMware Workstation and ESXi | =7.1.2 | |
| VMware Workstation and ESXi | =7.1.3 | |
| VMware Player | =3.1 | |
| VMware Player | =3.1.1 | |
| VMware Player | =3.1.2 | |
| VMware Player | =3.1.3 | |
| VMware Fusion Pro | =3.1 | |
| VMware Fusion Pro | =3.1.1 | |
| VMware Fusion Pro | =3.1.2 | |
| VMware ESXi | =3.0.3 | |
| VMware ESXi | =3.5 | |
| VMware ESXi | =4.0 | |
| VMware ESXi | =4.1 | |
| VMware ESXi | =3.5 | |
| VMware ESXi | =4.0 | |
| VMware ESXi | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-1787?
CVE-2011-1787 is considered a medium-severity vulnerability that allows guest OS users to gain elevated privileges.
How do I fix CVE-2011-1787?
The recommended fix for CVE-2011-1787 is to upgrade to VMware Workstation 7.1.4, Player 3.1.4, Fusion 3.1.3, or later versions.
Which versions of VMware are affected by CVE-2011-1787?
CVE-2011-1787 affects VMware Workstation versions prior to 7.1.4, Player prior to 3.1.4, and Fusion prior to 3.1.3, as well as ESXi and ESX versions through 4.1.
Can CVE-2011-1787 be exploited remotely?
CVE-2011-1787 cannot be exploited remotely as it requires local access to the guest OS.
What types of systems are impacted by CVE-2011-1787?
CVE-2011-1787 impacts systems running VMware Workstation, VMware Player, VMware Fusion, and VMware ESX/ESXi.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/vmware
- canonical/vmware workstation and esxi
- version/vmware workstation and esxi/7.1.1
- version/vmware workstation and esxi/7.1.2
- version/vmware workstation and esxi/7.1.3
- canonical/vmware player
- version/vmware player/3.1
- version/vmware player/3.1.1
- version/vmware player/3.1.2
- version/vmware player/3.1.3
- canonical/vmware fusion pro
- version/vmware fusion pro/3.1
- version/vmware fusion pro/3.1.1
- version/vmware fusion pro/3.1.2
- canonical/vmware esxi
- version/vmware esxi/3.0.3
- version/vmware esxi/3.5
- version/vmware esxi/4.0
- version/vmware esxi/4.1