Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29998
HistoryNov 18, 2013 - 12:00 a.m.

NEW VMSA-2013-0013 VMware Workstation host privilege escalation vulnerability

2013-11-1800:00:00
vulners.com
10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


               VMware Security Advisory

Advisory ID: VMSA-2013-0013
Synopsis: VMware Workstation host privilege escalation vulnerability
Issue date: 2013-11-14
Updated on: 2013-11-14 (initial advisory)
CVE numbers: CVE-2013-5972


  1. Summary

    VMware has updated VMware Workstation and VMware Player to address a
    vulnerability that could result in an escalation of privilege on
    Linux-based host machines.

  2. Relevant releases

    VMware Workstation for Linux 9.x prior to version 9.0.3

    VMware Player for Linux 5.x prior to version 5.0.3

  3. Problem Description

    a. VMware shared library privilege escalation

    VMware Workstation and VMware Player contain a vulnerability in
    the handling of shared libraries. This issue may allow a local
    malicious user to escalate their privileges to root on the host OS.

    The vulnerability does not allow for privilege escalation from the
    Guest Operating System to the host or vice-versa.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2013-5972 to this issue.

    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.

     VMware          Product   Running   Replace with/
     Product         Version   on        Apply Patch*
     =============   =======   =======   =================
     Workstation     10.x      Linux     not affected
     Workstation     9.x       Linux     9.0.3
     
     Player          6.x       Linux     not affected
     Player          5.x       Linux     5.0.3
     
     Fusion          any       Mac/OS    Not affected
     
     ESXi            any       ESXi      Not affected
     
     ESX             any       ESX       Not affected
    
  4. Solution

    Please review the patch/release notes for your product and version
    and verify the checksum of your downloaded file.

    VMware Workstation 9.x

    https://www.vmware.com/go/downloadworkstation

    VMware Player 5.x

    https://www.vmware.com/go/downloadplayer

  5. References

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5972


  1. Change log

    2013-11-14 VMSA-2013-0013
    Initial security advisory in conjunction with the release of
    an updated version of VMware Workstation 9 and VMware Player 5.


  1. Contact

    E-mail list for product security notifications and announcements:
    http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    E-mail: security at vmware.com
    PGP key at: http://kb.vmware.com/kb/1055

    VMware Security Advisories
    http://www.vmware.com/security/advisories

    VMware security response policy
    http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy
    http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy
    http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2013 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8

wj8DBQFShPyzDEcm8Vbi9kMRAjDrAKDjfSvmniJFEboWuBUPUTCaKuvmTQCgv0u3
kZiMDISGo+hoN8jT9ad2ZTE=
=hYQy
-----END PGP SIGNATURE-----

Related for SECURITYVULNS:DOC:29998