Published: 28/08/2014 Updated: 29/08/2017

CVSS v2 Base Score: 6.3 | Impact Score: 9.2 | Exploitability Score: 3.4

VMScore: 561

Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation up to and including 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware workstation 10.0.1
vmware workstation 10.0.2
vmware workstation
vmware tools
vmware workstation 10.0
vmware vm-support 0.88

Debian Bug report logs - #770809 open-vm-tools: CVE-2014-4199 CVE-2014-4200 Package: open-vm-tools; Maintainer for open-vm-tools is Bernd Zeimetz <bzed@debianorg>; Source for open-vm-tools is src:open-vm-tools (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 24 Nov 2014 10:12:01 UTC ...

vm-support 088 in VMware Tools, as distributed with VMware Workstation through 1003 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp ...

vm-support version 088 suffers from file overwrite and sensitive information disclosure vulnerabilities ...

CWE-59 http://seclists.org/fulldisclosure/2014/Aug/71 http://www.securitytracker.com/id/1030758 http://www.osvdb.org/110458 https://exchange.xforce.ibmcloud.com/vulnerabilities/95493 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770809 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-4199

CVE-2014-4199

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect