Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   


Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker

Category:   Application (Generic)  >   VMware Vendors:   VMware, Inc.
VMware vmrun Command Format String Flaw Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1023835
SecurityTracker URL:
CVE Reference:   CVE-2010-1139   (Links to External Site)
Date:  Apr 9 2010
Impact:   Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): VIX API (Linux) 1.6.x, Workstation (Linux) 6.5.x, Player (Linux) 2.5.x, Server (Linux) 2.5, Fusion (Mac OS/X) 2.x
Description:   A vulnerability was reported in VMware. A local user can obtain elevated privileges on the target system.

A local user can execute a specially crafted vmrun command. Then, when the target user lists processes, arbitrary code may be executed on the target system with the privileges of the target user.

Linux-based systems are affected.

Thomas Toth-Steiner reported this vulnerability.

Impact:   A local user can cause arbitrary code to be executed with the privileges on the target user.
Solution:   The vendor has issued a fix (VIX API (Linux) 1.7, Workstation (Linux) 6.5.4 build 246459, Player (Linux) 2.5.4 build 246459, Fusion (Mac OS/X 2.0.7) build 246742).

The vendor's advisory will be available at:

Vendor URL: (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  

Message History:   None.

 Source Message Contents

Date:  Fri, 09 Apr 2010 16:40:21 +0000
Subject:  VMware

i. Linux-based vmrun format string vulnerability

    A format string vulnerability in vmrun could allow arbitrary code

    If a vmrun command is issued and processes are listed, code could
    be executed in the context of the user listing the processes.

    The Common Vulnerabilities and Exposures Project (
    has assigned the name CVE-2010-1139 to this issue.

    VMware would like to thank Thomas Toth-Steiner for reporting this
    issue to us.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    VIX API        any       Windows  not affected
    VIX API        1.6.x     Linux    upgrade to VIX API 1.7 or later
    VIX API        1.6.x     Linux64  upgrade to VIX API 1.7 or later

    Workstation    7.x       any      not affected
    Workstation    6.5.x     Windows  not affected
    Workstation    6.5.x     Linux    6.5.4 build 246459 or later

    Player         3.x       any      not affected
    Player         2.5.x     Windows  not affected
    Player         2.5.x     Linux    2.5.4 build 246459 or later

    Ace            any       Windows  not affected

    Server         2.x       Windows  not affected
    Server         2.x       Linux    not being fixed at this time

    Fusion         3.x       Mac OS/X not affected
    Fusion         2.x       Mac OS/X 2.0.7 build 246742 or later

    ESXi           any       any      not affected

    ESX            any       any      not affected


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

Copyright 2015, LLC