PT-2017-6828 · Vmware+1 · Vmware Tools+1

Published

2017-03-15

Updated

2024-06-15

CVE-2015-5191

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions VMware Tools versions prior to 10.0.9

Description The issue is related to multiple file system races in libDeployPkg, which uses hard-coded paths under /tmp. This could potentially lead to a local privilege escalation if successfully exploited.

Recommendations For versions prior to 10.0.9, update to version 10.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the /tmp directory to minimize the risk of exploitation.

Fix

LPE

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2015-5191

MGASA-2017-0354

OPENSUSE-SU-2024:10475-1

SUSE-SU-2017:0701-1

SUSE-SU-2017:0702-1

SUSE-SU-2017:0705-1

SUSE-SU-2017_0701-1

SUSE-SU-2017_0702-1

SUSE-SU-2017_0705-1

Affected Products

Suse

Vmware Tools

PT-2017-6828 · Vmware+1 · Vmware Tools+1

CVE-2015-5191

Weakness Enumeration

Related Identifiers

Affected Products

References · 42