
Privilege escalation vulnerability in VMware Workstation and Player fixed

VMware, maker of popular virtual machine software, has issued a security update for VMware Workstation and VMware Player that patches a vulnerability (CVE-2013-5972) that could result in an escalation of privilege on Linux-based host machines.

"VMware Workstation and VMware Player contain a vulnerability in the handling of shared libraries," the security advisory reads.

The vulnerability allows a local attacker to escalate privileges to root on the host OS. The flaw does not allow privilege escalation from the guest operating system to the host or vice versa.

VMware Workstation 9.x versions and VMware Player 6.x versions on Linux host machines are affected by this vulnerability.

Users are advised to apply the patch. Download the latest versions from here: 1, 2.

VMware patches critical directory traversal vulnerability in VMware View

VMware has patched a critical directory traversal vulnerability in its VMware View desktop virtualization platform that could allow a hacker to access arbitrary files from affected View Servers.

The vulnerability affects both the View Connection Server and the View Security Server. The vulnerability was discovered by Digital Defense, a security service provider.

According to the VMware advisory, the affected versions are View 5.x prior to 5.1.2 and 4.x prior to 4.6.2. Users are advised to upgrade to the latest version.

Users who are unable to update their View Servers immediately are advised to apply one of the workarounds: "Disable security server" or "blocking directory traversal attacks with an intrusion detection/prevention system or an application firewall".