SB2016103103 - Security bypass in VMware, VMware Tools
Published: October 31, 2016
Security Bulletin ID
SB2016103103
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Security bypass (CVE-ID: CVE-2016-5328)
The vulnerability allows a local user to bypass security restrictions on the target system.The weakness is due to access control flaw. By obtaining kernel memory address information, a local attacker can bypass address space layout randomization (ASLR) security protections.
Successful exploitation of the vulnerability results in access to the vulnerable system.
Remediation
Install update from vendor's website.