VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability
BID: 39395
CVE: CVE-2010-1138
| Bugtraq ID: | 39395 |
| Class: | Input Validation Error |
| CVE: | CVE-2010-1138 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 09 2010 12:00AM |
| Updated: | Oct 01 2012 07:10PM |
| Credit: | Johann MacDonagh |
Vulnerable:
- VMWare Workstation for Linux 6.5
- VMWare Workstation for Linux 0
- VMWare Workstation 6.5.3
- VMWare Workstation 6.5.2
- VMWare Workstation 6.5.1
- VMWare Workstation 6.5 build 118166
- VMWare Workstation 7.0
- VMWare Workstation 6.5.3 build 185404
- VMWare Workstation 6.5.2 build 156735
- VMWare Server 2.0.2 Build 203138
- VMWare Server 2.0.2
- VMWare Server 2.0.1 build 156745
- VMWare Server 2.0.1
- VMWare Server 2.0
- VMWare Player for Linux 2.5
- VMWare Player for Linux 0
- VMWare Player 2.5.4
- VMWare Player 2.5.3
- VMWare Player 2.5.2 build 156735
- VMWare Player 2.5.2
- VMWare Player 2.5.1
- VMWare Player 2.5 build 118166
- VMWare Player 3.0
- VMWare Player 2.5.3 build 185404
- VMWare Fusion 2.0.6 Build 196839
- VMWare Fusion 2.0.6
- VMWare Fusion 2.0.5
- VMWare Fusion 2.0.4
- VMWare Fusion 2.0.3
- VMWare Fusion 2.0.2 build 147997
- VMWare Fusion 3.0
- VMWare Fusion 2
- VMWare ACE 2.5.3 Build 185404
- VMWare ACE 2.5.2 build 156735
- VMWare ACE 2.5.2
- VMWare ACE 2.5.1
- VMWare ACE 2.5 build 118166
- VMWare ACE 2.6
- Gentoo Linux
Not Vulnerable:
- VMWare Workstation for Linux 6.5.4 build 246459
- VMWare Workstation 7.0.1 build 227600
- VMWare Workstation 6.5.4 build 246459
- VMWare Player for Linux 2.5.4 build 246459
- VMWare Player 3.0.1 build 227600
- VMWare Player 2.5.4 build 246459
- VMWare Fusion 3.0.1 Build 232708
- VMWare Fusion 2.0.7 Build 246742
- VMWare ACE 2.6.1 build 227600
- VMWare ACE 2.5.4 build 246459
Discussion
Multiple VMware-hosted products are prone to an information-disclosure vulnerability.
An attacker can exploit this vulnerability to disclose memory from the host's 'vmware-vmx' process to a guest operating system or potentially the network. This can allow attackers to harvest potentially sensitive information that can aid in further attacks.
The following applications are vulnerable:
- Workstation
- Player
- ACE
- Server
- Fusion
NOTE: This issue was previously covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities), but has been given its own record to better document it.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- VMware Homepage (VMware)