Vulnerability in Linux Linux_kernel

CVE-2010-1139

Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 24674…

EPSS: 0.001 (22.7th percentile) — read the EPSS interpretation.

Affected products

Linux Linux_kernel
Vmware Fusion — versions 2.0, 2.0.5, 2.0.3
Vmware Player — versions 2.5.2, 2.5, 2.5.1
Vmware Server — versions 2.0.1, 2.0.2, 2.0.0
Vmware Vix_api — versions 1.6.1, 1.6.0
Vmware Workstation — versions 6.5.0, 6.5.3, 6.5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

References

20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (mailing-list, x_refsource_BUGTRAQ)
20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (mailing-list, x_refsource_FULLDISC)
[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
63606 (x_refsource_OSVDB, vdb-entry)
39201 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
39206 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
39215 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
GLSA-201209-25 (vendor-advisory, x_refsource_GENTOO)
39407 (vdb-entry, x_refsource_BID)
1023835 (vdb-entry, x_refsource_SECTRACK)