Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-1662

Опубликовано: 24 авг. 2013
Источник: nvd
CVSS2: 6.9
EPSS Низкий

Описание

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.

Комментарий

Per: http://www.vmware.com/security/advisories/VMSA-2013-0010.html

"The issue is present when Workstation or Player are installed on a Debian-based version of Linux."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:9.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:9.0.2:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:4.0.0.18997:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:4.0.6:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:vmware:player:5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:5.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 90%
0.05605
Низкий

6.9 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-xx33-73cr-ffp7

github
больше 3 лет назад

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.

EPSS

Процентиль: 90%
0.05605
Низкий

6.9 Medium

CVSS2

Дефекты

CWE-264