V-227: VMware Workstation and Player vmware-mount Command Flaw Lets Local Users Gain Root Privileges

August 26, 2013 - 6:00am

PROBLEM:

A vulnerability was reported in VMware Workstation and Player on Debian-based systems.

PLATFORM:

VMware Workstation 8.x, 9.x and Player 4.x, 5.x

ABSTRACT:

VMware Workstation and Player contain a vulnerability in the handling of the vmware-mount command.

REFERENCE LINKS:

Security Tracker Alert ID 1028948
VMware Security Advisory VMSA-2013-0010 
CVE-2013-1662

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A local malicious user may exploit this vulnerability to escalate their privileges to root on the host OS. The issue is present when Workstation or Player is installed on a Debian-based version of Linux.

IMPACT:

System Access

SOLUTION:

A workaround for the issue is to remove the setuid bit from vmware-mount:

# chmod u-s /usr/bin/vmware-mount

This workaround is relevant for both Workstation and Player.
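
A way to check whether the workaround is needed and confirm that it took effect, as an added example that is not part of the original bulletin or of VMware's advisory. The function names setuid_state and remove_setuid are hypothetical; the path passed on the command line is the one given above.

```sh
#!/bin/sh
# Added example: audit and apply the advisory's workaround for vmware-mount.
# setuid_state and remove_setuid are hypothetical helper names.

# Print the state of a file: missing, clean, setuid, or setuid-root.
setuid_state() {
    if [ ! -f "$1" ]; then echo missing; return; fi
    if [ ! -u "$1" ]; then echo clean; return; fi
    # The numeric owner UID is the third field of `ls -ln`.
    owner=$(ls -ln "$1" | awk '{print $3}')
    if [ "$owner" = "0" ]; then echo setuid-root; else echo setuid; fi
}

# Apply `chmod u-s` and verify that the bit is really gone.
# Returns 0 if the file ends up without setuid, 1 on failure, 2 if missing.
remove_setuid() {
    case $(setuid_state "$1") in
        missing) return 2 ;;
        clean)   return 0 ;;
    esac
    chmod u-s "$1" || return 1
    [ "$(setuid_state "$1")" = "clean" ]
}

# Run only when a path is given, e.g.: sh fix.sh /usr/bin/vmware-mount
if [ "$#" -ge 1 ]; then
    echo "before: $(setuid_state "$1")"
    remove_setuid "$1"; rc=$?
    echo "after:  $(setuid_state "$1") (exit $rc)"
fi
```

Run it as root with the vmware-mount path as the argument; a "before" state of setuid-root means the workaround had not yet been applied on that host.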