Key vulnerability information
Vulnerability name: VMware vmrun utility local privilege escalation
CVE ID: CVE-2011-1126
CWE ID: CWE-264 (Improper Access Control)
CVSS Base Score: 6.9/10
Risk level: Medium

Impact
Affected products: VMware VIX API for Linux 1.10.2 and earlier, VMware Workstation 7.1.3 on Linux and earlier, VMware Workstation 6.5.5 on Linux and earlier

Description
Summary: The VMware vmrun utility is susceptible to a local privilege escalation in non-standard configurations.
Impact: In non-standard filesystem configurations, an attacker with the ability to place files into a predefined library path could take execution control of vmrun.

Solution
Workstation 7.1.4: Use the VIX API 1.x Linux patch pending updates or the updated version of vmrun.
Workstation 6.5.x: Refer to VMware Knowledge Base article 1035509 for the updated version of vmrun.

References
VMware Security Advisory
VMware VIX API for Linux
VMware Workstation