[German]VMware has just received a security update for its virtualization products, including VMware Workstation Pro and Vmware Player. These updates address security vulnerabilities in the virtualization products.
Advertising
The vendor's security advisory VMSA-2020-0004.1 addresses critical vulnerabilities (CVSSv3 classification 7.3 to 9.3). The following products are affected:
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- VMware Horizon Client for Windows
- VMware Remote Console for Windows (VMRC for Windows)
There are use-after-free and Privilege Escalation vulnerabilities in older versions of the products.
- As of March 12, 2020, the following vulnerabilities are listed: CVE-2019-5543, CVE-2020-3947, CVE-2020-3948
- The following vulnerabilities were added as of 14 March 2020: CVE-2019-5543, CVE-2020-3947, CVE-2020-3948
Updates are available for the listed products to address the vulnerabilities.
Use-after-free vulnerability in vmnetdhcp (CVE-2020-3947)
VMware Workstation and Fusion contain a use-afterfree vulnerability in vmnetdhcp. VMware classifies the vulnerability with a maximum base CVSSv3 rating of 9.3. Successful exploitation of this issue could lead to code execution on the host by the guest or could allow attackers to create a denial of service state of the vmnetdhcp service running on the host machine. Updates are available for the products.
- VMware Workstation Pro / Player (Workstation) to Version 15.5.2
- VMware Fusion Pro / Fusion (Fusion) to Version 11.5.2
Local Privilege escalation vulnerability in Cortado Thinprint (CVE-2020-3948)
Linux guest VMs running on VMware Workstation and Fusion contain a local Privilege Escalation vulnerability due to invalid file permissions in Cortado Thinprint. VMware rates the severity of this issue with a maximum base CVSSv3 rating of 7.8. Exploitation is only possible if virtual printing is enabled in the guest VM. Virtual printing is not enabled by default on Workstation and Fusion.
Advertising
Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled could exploit this issue to elevate their privileges to become root on the same guest VM. Apply the available patches to fix CVE-2020-3948. Also uninstall and reinstall the VMware Virtual Printers for each VM.
- VMware Workstation Pro / Player (Workstation) to Version 15.5.2
- VMware Fusion Pro / Fusion (Fusion) to Version 11.5.2
VMware Horizon Client, VMRC, Workstation Privilege Escalation (CVE-2019-5543)
For VMware Horizon Client for Windows, VMRC for Windows, and Workstation for Windows, the folder containing the VMware USB Arbitration Service configuration files was found to be writable by all users. VMware has rated the severity of this issue as having a maximum base CVSSv3 rating of 7.3.
A local user on the system where the software is installed can exploit this issue to run commands like any other user. To fix CVE-2019-5543, upgrade the product.
- Horizon Client for Windows to Version 5.3.0
- VMRC for Windows to Version 11.0.0
- VMware Workstation Pro / Player (Workstation) to Version 15.5.2
The links to the downloads can be found in the security note VMSA-2020-0004.1. Further notes can be found at Bleeping Computer.
