Reference: CERT-EU Security Advisory 2013-0068

Title: VMware Workstation host privilege escalation vulnerability in Linux Version [1]

Version history:
18.09.2013 Initial publication

Summary
=======

Updates to VMware Workstation and VMware Player address a vulnerability in the vmware-mount component that could result in privilege escalation on Linux-based host machines.

CVE number: CVE-2013-1662

CVSS v2 Base Score: 6.9 (MEDIUM) (AV:L/AC:M/Au:N/C:C/I:C/A:C) [2]

Vulnerable systems
==================

VMware Workstation 9.x
VMware Workstation 8.x
VMware Player 5.x
VMware Player 4.x

Original Details [1]
================

VMware Workstation and Player contain a vulnerability in the handling of the vmware-mount command. A local malicious user may exploit this vulnerability to escalate their privileges to root on the host OS. The issue is present when Workstation or Player are installed on a Debian-based version of Linux.

What can you do?
================

Download the patch for your version. [3]

If there is no patch for your version of the product, it may be necessary to upgrade to a higher version.

What to tell your users?
========================

N/A

More information
================

[1] http://www.vmware.com/support/support-resources/advisories/VMSA-2013-0010.html
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1662
[3] https://my.vmware.com/web/vmware/downloads

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html