CVE-2010-1138
Summary
| CVE | CVE-2010-1138 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-04-12 18:30:00 UTC |
| Updated | 2013-05-15 03:07:00 UTC |
| Description | The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows | All | All | All | All |
| Operating System | Microsoft | Windows | All | All | All | All |
| Application | Vmware | Ace | 2.5.0 | All | All | All |
| Application | Vmware | Ace | 2.5.1 | All | All | All |
| Application | Vmware | Ace | 2.5.2 | All | All | All |
| Application | Vmware | Ace | 2.5.3 | All | All | All |
| Application | Vmware | Ace | 2.6 | All | All | All |
| Application | Vmware | Ace | 2.5.0 | All | All | All |
| Application | Vmware | Ace | 2.5.1 | All | All | All |
| Application | Vmware | Ace | 2.5.2 | All | All | All |
| Application | Vmware | Ace | 2.5.3 | All | All | All |
| Application | Vmware | Ace | 2.6 | All | All | All |
| Application | Vmware | Fusion | 2.0 | All | All | All |
| Application | Vmware | Fusion | 2.0.1 | All | All | All |
| Application | Vmware | Fusion | 2.0.2 | All | All | All |
| Application | Vmware | Fusion | 2.0.3 | All | All | All |
| Application | Vmware | Fusion | 2.0.4 | All | All | All |
| Application | Vmware | Fusion | 2.0.5 | All | All | All |
| Application | Vmware | Fusion | 2.0.6 | All | All | All |
| Application | Vmware | Fusion | 3.0 | All | All | All |
| Application | Vmware | Fusion | 2.0 | All | All | All |
| Application | Vmware | Fusion | 2.0.1 | All | All | All |
| Application | Vmware | Fusion | 2.0.2 | All | All | All |
| Application | Vmware | Fusion | 2.0.3 | All | All | All |
| Application | Vmware | Fusion | 2.0.4 | All | All | All |
| Application | Vmware | Fusion | 2.0.5 | All | All | All |
| Application | Vmware | Fusion | 2.0.6 | All | All | All |
| Application | Vmware | Fusion | 3.0 | All | All | All |
| Application | Vmware | Player | 2.5 | All | All | All |
| Application | Vmware | Player | 2.5.1 | All | All | All |
| Application | Vmware | Player | 2.5.2 | All | All | All |
| Application | Vmware | Player | 2.5.3 | All | All | All |
| Application | Vmware | Player | 3.0 | All | All | All |
| Application | Vmware | Player | 2.5 | All | All | All |
| Application | Vmware | Player | 2.5.1 | All | All | All |
| Application | Vmware | Player | 2.5.2 | All | All | All |
| Application | Vmware | Player | 2.5.3 | All | All | All |
| Application | Vmware | Player | 3.0 | All | All | All |
| Application | Vmware | Server | 2.0.0 | All | All | All |
| Application | Vmware | Server | 2.0.1 | All | All | All |
| Application | Vmware | Server | 2.0.2 | All | All | All |
| Application | Vmware | Server | 2.0.0 | All | All | All |
| Application | Vmware | Server | 2.0.1 | All | All | All |
| Application | Vmware | Server | 2.0.2 | All | All | All |
| Application | Vmware | Workstation | 6.5.0 | All | All | All |
| Application | Vmware | Workstation | 6.5.1 | All | All | All |
| Application | Vmware | Workstation | 6.5.2 | All | All | All |
| Application | Vmware | Workstation | 6.5.3 | All | All | All |
| Application | Vmware | Workstation | 7.0 | All | All | All |
| Application | Vmware | Workstation | 6.5.0 | All | All | All |
| Application | Vmware | Workstation | 6.5.1 | All | All | All |
| Application | Vmware | Workstation | 6.5.2 | All | All | All |
| Application | Vmware | Workstation | 6.5.3 | All | All | All |
| Application | Vmware | Workstation | 7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VMware Server Multiple Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| VMware Fusion 3 Virtual Networking Information Disclosure - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| VMware Products Multiple Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Gentoo Linux Documentation -- VMware Player, Server, Workstation: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| [Security-announce] VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues | MLIST | lists.vmware.com | Patch, Vendor Advisory |
| NEOHAPSIS - Peace of Mind Through Integrity and Insight | BUGTRAQ | archives.neohapsis.com | |
| VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability | BID | www.securityfocus.com | |
| VMSA-2010-0007.1 | CONFIRM | www.vmware.com | Patch, Vendor Advisory |
| SecurityTracker.com Archives - VMware Networking Stack Memory Leak Lets Local Users Obtain Potentially Sensitive Information | SECTRACK | www.securitytracker.com | |
| 63607 | OSVDB | osvdb.org | |
| NEOHAPSIS - Peace of Mind Through Integrity and Insight | FULLDISC | archives.neohapsis.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.