Summary
The host is installed with VMware products and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow an attacker to disclose potentially sensitive information.
Impact Level: System/Application
Solution
For upgrades, refer to the link below:
http://www.vmware.com/security/advisories/VMSA-2010-0007.html
Insight
The flaw is due to an error in the 'virtual networking stack' in the interaction between the guest OS and the host 'vmware-vmx' process, which allows attackers to obtain sensitive information from memory on the host OS by examining received network packets.
Affected
VMware Server 2.x,
VMware Player 3.0 before 3.0.1 build 227600,
VMware Player 2.5.x before 2.5.4 build 246459,
VMware Workstation 7.0 before 7.0.1 build 227600,
VMware Workstation 6.5.x before 6.5.4 build 246459 and
VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459 on Linux
Severity
Classification
CVE: CVE-2010-1138
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N