On March 17th, VMware released security updates that dealt with Denial-of-Service (DoS) and high severity privilege escalations in VMware Workstation, Fusion, VMware Remote Console, and Horizon Chat. The two flaws, tracked as CVE-2020-3950 and CVE-2020-3951, are believed to come from the improper use of setuid binaries as well as a heap-overflow issue in Cortado Thinprint. The affected software versions are listed below for CVE-2020-3950:
- VMware Fusion Version 11.x before 11.5.2
- Mware Remote Console Mac 11.x before 11.0.1
- Horizon Client for Mac 5.x before 5.4.0
CVE-2020-3951, which is found in Cortado Thinprint, affects the following versions:
- VMware Workstation (Windows and Linux) version 15.x before 15.5.2
- Horizon Client for Windows 5.x before 5.4.0.
VMware stated, “Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed.”
Analyst Notes
In order to fix the issues, it is recommended that users visit vmware[.]com and apply the patches listed in the Fixed Version column of the Resolution Matrix that can be found within the VMSA-2020-0005 advisory.
Source: https://www.bleepingcomputer.com/news/security/vmware-fixes-high-severity-privilege-escalation-bug-in-fusion/
