VMSA-2018-0014 – VMware Horizon Client Privilege Escalation Vulnerability

VMware has released a new security advisory: VMware Horizon Client update addresses a privilege escalation vulnerability.

This advisory documents the remediation of one important issue: VMware Horizon Client contains a local privilege escalation vulnerability due to insecure usage of a SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed.

The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2018-6964 to the VMSA-2018-0014 issue.

All 4.x and prior versions of Horizon Client are affected by this vulnerability. VMware recommends updating to version 4.8.0 (released 29 May 2018).

New Features in Horizon Client 4.8.0

  • Android client: VMware Blast network recovery improvements, VMware Blast selects the optimal transport automatically, copy and paste enhancements, seamless windows support, Android 8.1 (Oreo) support, VMware Horizon Performance Tracker support, OpenSSL 1.0.2o support
  • iOS client: VMware Horizon Performance Tracker support, VMware Blast selects the optimal transport automatically, client drive redirection, derived credentials enhancements, OpenSSL 1.0.2o support
  • Linux client: VMware Horizon Performance Tracker support, VMware Blast selects the optimal transport automatically
  • Mac client: VMware Horizon Performance Tracker support, VMware Blast selects the optimal transport automatically, macOS 10.13.4 support, OpenSSL 1.0.2o support
  • Windows 10 client: Windows 10 1803 SAC (Spring Creators Update) support, VMware Horizon Performance Tracker support, VMware Blast selects the optimal transport automatically, automatic Internet protocol selection, only list smart card certificates, using desktop shortcuts created by the server, Simple Device Orientation (SDO) sensor redirection, file associations support in nested mode, OpenSSL 1.0.2o support
  • HTML Access: VMware Horizon Performance Tracker support

You can read the full Horizon Client 4.8.0 documentation on the VMware site.

You can also check reports on other VMware vulnerabilities on my page dedicated to Security Advisories.

Constantin Ghioc

I usually play with vSphere API, Ansible, vRealize Automation, vRealize Orchestrator, and different AWS tools. In my other life I’m a husband and a father, an amateur photographer and a Go enthusiast.