CVE-2011-1126

Опубликовано: 04 апр. 2011

Источник: nvd

CVSS2: 6.9

EPSS Низкий

Описание

VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory.

Ссылки

http://lists.vmware.com/pipermail/security-announce/2011/000131.html
Vendor Advisory
http://secunia.com/advisories/43885
Vendor Advisory
http://secunia.com/advisories/43943
Vendor Advisory
http://securityreason.com/securityalert/8173
http://securitytracker.com/id?1025270
http://www.securityfocus.com/archive/1/517240/100/0/threaded
http://www.securityfocus.com/bid/47094
http://www.vmware.com/security/advisories/VMSA-2011-0006.html
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0816
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66472
http://lists.vmware.com/pipermail/security-announce/2011/000131.html
Vendor Advisory
http://secunia.com/advisories/43885
Vendor Advisory
http://secunia.com/advisories/43943
Vendor Advisory
http://securityreason.com/securityalert/8173
http://securitytracker.com/id?1025270
http://www.securityfocus.com/archive/1/517240/100/0/threaded
http://www.securityfocus.com/bid/47094
http://www.vmware.com/security/advisories/VMSA-2011-0006.html
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0816
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66472

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:vmware:vix_api:1.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vix_api:1.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vix_api:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vix_api:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vix_api:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vix_api:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vix_api:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vix_api:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vix_api:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vix_api:1.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vix_api:1.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vix_api:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vix_api:1.9:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:6.5.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:6.5.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:7.1.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00069

Низкий

6.9 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-j2qw-vv3p-xrvq

github

около 3 лет назад

BDU:2014-00005

fstec

около 14 лет назад

Уязвимость гипервизора VMware Workstation, позволяющая злоумышленнику получить контроль над выполнением утилиты «vmrun»