What is CVE-2010-4295?

CVE-2010-4295 is a vulnerability in Apple Mac_os_x, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). Published 2010-12-06.

Is CVE-2010-4295 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Mac_os_x

CVE-2010-4295

Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2…

Vulnerability class: Race Condition

EPSS: 0.001 (17.5th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x
Linux Linux_kernel
Vmware Fusion — versions 3.1.1, 3.1.2, 3.1
Vmware Player — versions 3.1.1, 3.1.2, 3.1
Vmware Server — versions 2.0.2
Vmware Workstation — versions 7.0, 7.0.1, 7.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2010-4295

References

[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues (Vendor Advisory, mailing-list, x_refsource_MLIST, Mailing List)
69585 (x_refsource_OSVDB, vdb-entry, Broken Link)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
45167 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID, Broken Link)
20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues (mailing-list, x_refsource_BUGTRAQ, Third Party Advisory, VDB Entry, Broken Link)
42453 (x_refsource_SECUNIA, Broken Link, third-party-advisory, Vendor Advisory)
1024819 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK, Broken Link)
42482 (x_refsource_SECUNIA, Broken Link, third-party-advisory, Vendor Advisory)
ADV-2010-3116 (vdb-entry, x_refsource_VUPEN, Broken Link, Vendor Advisory)
1024820 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK, Broken Link)

Frequently asked questions

What is CVE-2010-4295?: CVE-2010-4295 is a vulnerability in Apple Mac_os_x, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). Published 2010-12-06.
Is CVE-2010-4295 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.