1. CVE-Search
  2. CVE-2018-6964
ID CVE-2018-6964
Summary VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:horizon_client:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_client:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_client:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_client:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_client:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_client:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_client:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_client:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_client:4.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_client:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_client:4.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_client:4.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_client:4.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_client:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_client:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_client:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:horizon_client:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:horizon_client:4.7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 104315
confirm https://www.vmware.com/security/advisories/VMSA-2018-0014.html
sectrack 1040989
Last major update 03-10-2019 - 00:03
Published 29-05-2018 - 20:29
Last modified 03-10-2019 - 00:03
Back to Top