497816 – <app-emulation/vmware-{player-5.0.3,workstation-9.0.3}: Privilege escalation in Windows guest domain (CVE-2013-3519)

Bug 497816 - <app-emulation/vmware-{player-5.0.3,workstation-9.0.3}: Privilege escalation in Windows guest domain (CVE-2013-3519)

Summary: <app-emulation/vmware-{player-5.0.3,workstation-9.0.3}: Privilege escalation ...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~1 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2014-01-11 18:05 UTC by GLSAMaker/CVETool Bot
Modified:	2015-12-31 06:16 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2014-01-11 18:05:50 UTC

CVE-2013-3519 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3519):
  lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x
  before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1,
  and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows
  guest OS users to gain guest OS privileges via an application that performs
  a crafted memory allocation.


I guess this is ~1? It's escalation within a guest domain. @maintainers: Please clean up affected

Comment 1 Andreas K. Hüttel archtester

2014-04-12 18:49:58 UTC

Bumped and all vulnerable versions removed. Thanks.

Comment 2 Yury German Gentoo Infrastructure

2014-05-21 03:49:03 UTC

Maintainer(s), Thank you for cleanup!

No GLSA needed as there are no stable versions.