VMware Products Multiple Vulnerabilities (Linux) -june11

Summary
The host is installed with VMWare product(s) which are vulnerable to multiple vulnerabilities.
Impact
Successful exploitation allows attackers to gain privileges on the guest OS. Impact Level: Application
Solution
Apply the patch or upgrade to player 3.1.4 or later, http://www.vmware.com/products/player/ http://downloads.vmware.com/d/info/desktop_downloads/vmware_player/3_0 Apply the patch or upgrade to VMware Workstation 7.1.4 or later, http://downloads.vmware.com/d/info/desktop_downloads/vmware_workstation/7_0 Apply the patch for VMware ESX, http://kb.vmware.com/kb/1035110 https://hostupdate.vmware.com/software/VUM/OFFLINE/release-275-20110420-062017/ESX410-201104001.z ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****
Insight
Multiple flaws are due to, - An information disclosure vulnerability in 'Mount.vmhgfs', allows guest OS users to determine the existence of host OS files and directories via unspecified vectors. - A race condition privilege escalation in 'Mount.vmhgfs' via a race condition, that allows guest OS users to gain privileges on the guest OS by mounting a file system on top of an arbitrary directory.
Affected
VMware ESX 3.0.3 to 4.1 VMware Player 3.1.x before 3.1.4 VMware Workstation 7.1.x before 7.1.4 on Linux.
References