CVE-2014-4199

Published: 28 August 2014

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

Priority

Status

Package	Release	Status
open-vm-tools Launchpad, Ubuntu, Debian	bionic	Not vulnerable (2:11.0.5-4ubuntu0.18.04.1)
	focal	Not vulnerable
	groovy	Not vulnerable
	hirsute	Not vulnerable
	impish	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	lunar	Not vulnerable
	mantic	Not vulnerable
	trusty	Needed
	upstream	Released (2:9.4.6-1770165-7)
	xenial	Not vulnerable (2:10.2.0-3~ubuntu0.16.04.1)

References

http://seclists.org/fulldisclosure/2014/Aug/71
https://www.cve.org/CVERecord?id=CVE-2014-4199
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770809

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›