VMware patches privilege escalation vulnerability in Fusion, Horizon

Exploits to root systems with Fusion, VMRC or Horizon Client installations were possible.

VMware has resolved two vulnerabilities that could lead to privilege escalation or denial-of-service conditions in a variety of software. 

On Tuesday, the virtualization software provider published a security advisory describing CVE-2020-3950 and CVE-2020-3951, a pair of bugs deemed important and low in severity, respectively. 

See also: VMware exceeds $10B in sales in FY 2020

The first security flaw, CVE-2020-3950, is a privilege escalation bug caused by the improper use of setuid binaries that has been awarded a CVSS score of 7.3. 

"Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed," the vulnerability description reads. 

VMware Fusion versions 11.x before 11.5.2, VMware Remote Console for Mac versions 11.x and prior before 11.0.1, and Horizon Client for Mac, versions 5.x and prior before 5.4.0 are impacted. 

CNET: Elections amid coronavirus: How officials aim to keep voters safe

The second security issue now resolved by VMware is CVE-2020-3951, a vulnerability caused by a heap overflow error in Cortado Thinprint, a virtual printing engine used by VMware Workstation and the Windows Horizon Client. Attackers with non-administrative controls and access to a guest virtual machine with this feature enabled can cause denial-of-service conditions. 

It is important to note that virtual printing is not enabled by default on Workstation, but is enabled by default on the Horizon Client.

VMware Workstation versions 15.x before 15.5.2 and Horizon versions 5.x and prior before 5.4.0 are affected by the bug. However, impact is deemed low, resulting in a CVSS score of 3.2. 

TechRepublic: Coronavirus: What business pros need to know

Jeffball of GRIMM, Rich Mirch, and FireEye's Dhanesh Kizhakkinan were thanked for reporting the security issues. It is recommended that users apply automatic updates as they appear.

In related news, Microsoft's monthly Patch Tuesday included fixes for 155 vulnerabilities, 26 of which are deemed critical. However, the main issue of note was how the Redmond giant recently leaked details relating to an SMBv3 vulnerability that was yet to receive a patch. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0