| Vulnerability Name: | CVE-2016-5328 (CCN-118466) | ||||||||||||
| Assigned: | 2016-10-25 | ||||||||||||
| Published: | 2016-10-25 | ||||||||||||
| Updated: | 2017-07-29 | ||||||||||||
| Summary: | VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | ||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-254 CWE-200 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-5328 Source: CCN Type: SECTRACK ID: 1037102 VMware Tools on Mac OS X Virtual Machines Information Disclosure Bug Lets Local Users Bypass Security Restrictions on the Target System Source: BID Type: Third Party Advisory, VDB Entry 93886 Source: CCN Type: BID-93886 VMware Tools CVE-2016-5328 Local Information Disclosure Vulnerability Source: SECTRACK Type: UNKNOWN 1037102 Source: CCN Type: VMware Security Advisory VMSA-2016-0017 VMware product updates address multiple information disclosure issue Source: CONFIRM Type: Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2016-0017.html Source: XF Type: UNKNOWN vmware-tools-cve20165328-info-disc(118466) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||