Vulnerability Name:

CVE-2010-1139 (CCN-57670)

Assigned:2010-04-09
Published:2010-04-09
Updated:2013-05-15
Summary:Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-134
Vulnerability Consequences:Gain Access
References:Source: BUGTRAQ
Type: UNKNOWN
20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

Source: FULLDISC
Type: UNKNOWN
20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

Source: MITRE
Type: CNA
CVE-2010-1139

Source: CCN
Type: VMSA-2010-0007
VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

Source: MLIST
Type: Patch, Vendor Advisory
[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

Source: OSVDB
Type: UNKNOWN
63606

Source: CCN
Type: SA39201
VMware VIX API "vmrun" Format String Vulnerability

Source: SECUNIA
Type: Vendor Advisory
39201

Source: CCN
Type: SA39206
VMware Products Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
39206

Source: CCN
Type: SA39215
VMware Server Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
39215

Source: GENTOO
Type: UNKNOWN
GLSA-201209-25

Source: CCN
Type: SECTRACK ID: 1023835
VMware vmrun Command Format String Flaw Lets Local Users Gain Elevated Privileges

Source: CCN
Type: OSVDB ID: 63606
VMware VIX API vmrun Utility Process List Format String Local Privilege Escalation

Source: BID
Type: UNKNOWN
39407

Source: CCN
Type: BID-39407
VMware 'vmrun' Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1023835

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0007.html

Source: XF
Type: UNKNOWN
vmware-vmrun-code-execution(57670)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.5.3:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:vmware:player:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:player:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:player:2.5.2:*:*:*:*:*:*:*
  • AND
  • cpe:/a:vmware:player:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:vmware:server:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:2.0.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:vmware:fusion:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0.6:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/a:vmware:vix_api:1.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vix_api:1.6.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:vmware:fusion:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:player:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:player:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:player:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:player:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vix_api:1.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vix_api:1.6.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    vmware workstation 6.5.0
    vmware workstation 6.5.1
    vmware workstation 6.5.2
    vmware workstation 6.5.3
    vmware player 2.5
    vmware player 2.5.1
    vmware player 2.5.2
    vmware player 2.5.3
    linux linux kernel *
    vmware server 2.0.0
    vmware server 2.0.1
    vmware server 2.0.2
    linux linux kernel *
    vmware fusion 2.0
    vmware fusion 2.0.1
    vmware fusion 2.0.2
    vmware fusion 2.0.3
    vmware fusion 2.0.4
    vmware fusion 2.0.5
    vmware fusion 2.0.6
    vmware vix api 1.6.0
    vmware vix api 1.6.1
    vmware fusion 1.0
    vmware workstation 6.5.1
    vmware fusion 2.0.3
    vmware fusion 2.0.2
    vmware fusion 2.0.1
    vmware fusion 2.0
    vmware workstation 6.5.2
    vmware workstation 6.5.3
    vmware fusion 2.0.5
    vmware fusion 2.0.4
    vmware player 2.5.2
    vmware player 2.5.3
    vmware server 2.0.1
    vmware player 2.5
    vmware player 2.5.1
    vmware fusion 2.0.6
    vmware server 2.0.0
    vmware workstation 6.5.0
    vmware server 2.0.2
    vmware vix api 1.6.0
    vmware vix api 1.6.1