File Modification Vulnerability in VMware Workstation and Fusion
CVE-2011-2145

Currently unrated

Key Information:

Vendor: Vmware
Status: Esx; Esxi; Fusion; Player
Vendor: CVE Published:; 6 June 2011

Summary

A procedural error in the mount.vmhgfs component of the VMware Host Guest File System exposes a significant security risk. This vulnerability affects various versions of VMware software, allowing users of guest operating systems—specifically Solaris and FreeBSD—to alter arbitrary files in the guest OS. The flaw results from multiple unspecified vectors that fail to adequately isolate guest filesystem operations. Users are advised to update to the latest versions of VMware products to mitigate this risk.

References

http://secunia.com/advisories/44904

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/48098

vdb-entryx_refsource_BID

http://www.vmware.com/security/advisories/VMSA-2011-0009....

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 6, 2011
Vulnerability Reserved
May 17, 2011