Bugtraq mailing list archives
Re: VMware Workstation 4.0: Possible privilege escalation on the host via symlink manipulation
From: VMware <vmware-security-alert () vmware com>
Date: 27 Jun 2003 21:10:01 -0000
In-Reply-To: <20030626220825.12388.qmail () www securityfocus com> VMware have posted a knowledge base article on 2003-06-27 that describes the workaround to protect a system against potential priviledge escalation. It is at: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019
Received: (qmail 31575 invoked from network); 27 Jun 2003 17:55:34 -0000 Received: from outgoing2.securityfocus.com (205.206.231.26) by mail.securityfocus.com with SMTP; 27 Jun 2003 17:55:34 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
by outgoing2.securityfocus.com (Postfix) with QMQP id C44698F6FE; Fri, 27 Jun 2003 11:31:17 -0600 (MDT) Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq () securityfocus com> List-Help: <mailto:bugtraq-help () securityfocus com> List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com> List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com> Delivered-To: mailing list bugtraq () securityfocus com Delivered-To: moderator for bugtraq () securityfocus com Received: (qmail 18375 invoked from network); 26 Jun 2003 22:05:14 -0000 Date: 26 Jun 2003 22:08:25 -0000 Message-ID: <20030626220825.12388.qmail () www securityfocus com> Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) From: VMware <vmware-security-alert () vmware com> To: bugtraq () securityfocus com Subject: VMware Workstation 4.0: Possible privilege escalation on the host via symlink manipulation It is possible for a user to gain an esclation in privileges on a system running VMware Workstation 4.0 for Linux systems by symlink manipulation in a world-writable directory such as /tmp. Affected systems: VMware Workstation 4.0 for Linux systems Dates: This was reported to VMware on 2003-06-17 and VMware is posting
this
to Bugtraq on 2003-06-26. Resolutions: 1. VMware has identified a workaround and a Knowledge Base article will
be
posted by noon Pacific Time on 2003-06-27 at the following url. http://www.vmware.com/kb 2. VMware plans to release a patch that will resolve this problem shortly. VMware will announce details when available.
Current thread:
- Re: VMware Workstation 4.0: Possible privilege escalation on the host via symlink manipulation VMware (Jun 27)