[<prev] [next>] [day] [month] [year] [list]
Message-ID: <EDAB56A4-858D-4B37-B5B0-14F9FCABB0E2@vmware.com>
Date: Fri, 10 Jul 2015 01:14:38 +0000
From: VMware Security Response Center <security@...are.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>,
"bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: [FD] NEW VMSA-2015-0005 : VMware Workstation,
Player and Horizon View Client for Windows updates address a host
privilege escalation vulnerability
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2015-0005
Synopsis: VMware Workstation, Player and Horizon View Client for
Windows updates address a host privilege escalation
vulnerability
Issue date: 2015-07-09
Updated on: 2015-07-09
CVE number: CVE-2015-3650
------------------------------------------------------------------------
1. Summary
VMware Workstation, Player and Horizon View Client for Windows
updates address a host privilege escalation vulnerability.
2. Relevant Releases
VMware Workstation for Windows 11.x prior to version 11.1.1
VMware Workstation for Windows 10.x prior to version 10.0.7
VMware Player for Windows 7.x prior to version 7.1.1
VMware Player for Windows 6.x prior to version 6.0.7
VMware Horizon Client for Windows (with Local Mode Option) prior to
version 5.4.2
3. Problem Description
a. VMware Workstation, Player and Horizon View Client for Windows
host privilege escalation vulnerability.
VMware Workstation, Player and Horizon View Client for Windows do
not set a discretionary access control list (DACL) for one of
their processes. This may allow a local attacker to elevate their
privileges and execute code in the security context of the
affected process.
VMware would like to thank Kyriakos Economou of Nettitude for
reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-3650 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= ===============
VMware Workstation 11.x Windows 11.1.1
VMware Workstation 10.x Windows 10.0.7
VMware Player 7.x Windows 7.1.1
VMware Player 6.x Windows 6.0.7
VMware Horizon Client for 5.x Windows 5.4.2
Windows (with Local Mode Option)
VMware Horizon Client for 3.x any not affected
Windows
4. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
VMware Workstation
--------------------------------
https://www.vmware.com/go/downloadworkstation
VMware Player
--------------------------------
https://www.vmware.com/go/downloadplayer
VMware Horizon Clients
--------------------------------
https://www.vmware.com/go/viewclients
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3650
------------------------------------------------------------------------
6. Change log
2015-07-09 VMSA-2015-0005
Initial security advisory.
------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2015 VMware Inc. All rights reserved.
Download attachment "signature.asc" of type "application/pgp-signature" (205 bytes)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists