On March 17th, VMware released security updates that dealt with Denial-of-Service (DoS) and high severity privilege escalations in VMware Workstation, Fusion, VMware Remote Console, and Horizon Chat. The two flaws, tracked as CVE-2020-3950 and CVE-2020-3951, are believed to come from the improper use of setuid binaries as well as a heap-overflow issue in Cortado Thinprint. The affected software versions are listed below for CVE-2020-3950:
- VMware Fusion Version 11.x before 11.5.2
- Mware Remote Console Mac 11.x before 11.0.1
- Horizon Client for Mac 5.x before 5.4.0
CVE-2020-3951, which is found in Cortado Thinprint, affects the following versions:
- VMware Workstation (Windows and Linux) version 15.x before 15.5.2
- Horizon Client for Windows 5.x before 5.4.0.
VMware stated, “Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed.”
In order to fix the issues, it is recommended that users visit vmware[.]com and apply the patches listed in the Fixed Version column of the Resolution Matrix that can be found within the VMSA-2020-0005 advisory.