VMware has released a new security advisory: VMSA-2018-0005 – VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities.
This advisory documents the remediation of two issues: one critical (use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled) and one important (an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled).
VMSA-2018-0005 – Use-after-free Vulnerability in VMware NAT Service
CVE-2017-4949 – VMware Workstation (both Pro and Player) and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. A successful exploit of the vulnerability will allow a guest to execute code on the host. By default, IPv6 mode for VMNAT is not enabled in either of the products.
Affected products and resolutions:
- Workstation 14.x – update to 14.1.1
- Workstation 12.x – update to 12.5.9
- Fusion 10.x – update to 10.1.1
- Fusion 8.x – update to 8.5.10
VMSA-2018-0005 – Integer-overflow Vulnerability in VMware NAT Service
CVE-2017-4950 – VMware Workstation (both Pro and Player) and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. A successful exploit of the vulnerability may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. By default, IPv6 mode for VMNAT is not enabled in either of the products.
Affected products and resolutions:
- Workstation 14.x – update to 14.1.1
- Workstation 12.x – update to 12.5.9
- Fusion 10.x – update to 10.1.1
- Fusion 8.x – update to 8.5.10
You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.
