Javascript Decoder


VMware Security Advisory 2018-0014

Hash: SHA1

- -----------------------------------------------------------------------
VMware Security Advisory
Hash: SHA1

- -----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2018-0014
Severity: Important
Synopsis: VMware Horizon Client update addresses a privilege
escalation vulnerability
Issue date: 2018-05-29
Updated on: 2018-05-29 (Initial Advisory)
CVE number: CVE-2018-6964

1. Summary

VMware Horizon Client update addresses a privilege escalation

2. Relevant Products

VMware Horizon Client for Linux (Horizon Client)

3. Problem Description

VMware Horizon Client privilege escalation vulnerability

VMware Horizon Client contains a local privilege escalation
vulnerability due to insecure usage of SUID binary. Successful
exploitation of this issue may allow unprivileged users to escalate
their privileges to root on a Linux machine where Horizon Client is

VMware would like to thank Nassim Abbaoui, pentester at OVH, for
reporting this issue to us.

The Common Vulnerabilities and Exposures project ( has
assigned the identifier CVE-2018-6964 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is

VMware Product Running Replace with/ Mitigations/
Product Version on Severity Apply patch Workarounds
=========== =========== ======= ======== ============ ============
Horizon Client 4.x & prior Linux Important 4.8.0 None

4. Solution

Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.

VMware Horizon View Client for Linux 4.8.0
Downloads and Documentation:

5. References

- - ---------------------------------------------------------------------

6. Change log

2018-05-29 VMSA-2018-0014 Initial security advisory in conjunction
with the release of VMware Horizon Client 4.8.0 on 2018-05-29.

- - ----------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:

This Security Advisory is posted to the following lists:

PGP key at:

VMware Security Advisories

Consolidated list of VMware Security Advisories

VMware Security Response Policy

VMware Lifecycle Support Phases

VMware Security & Compliance Blog


Copyright 2018 VMware Inc. All rights reserved.

Version: Encryption Desktop 10.4.1 (Build 490)
Charset: utf-8


khalil shreateh

Share your comment publicly