Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: VMware Workstation 4.0: Possible privilege escalation on the host via symlink manipulation

From: VMware <vmware-security-alert () vmware com>
Date: 27 Jun 2003 21:10:01 -0000
In-Reply-To: <20030626220825.12388.qmail () www securityfocus com>

VMware have posted a knowledge base article on 2003-06-27 that describes 
the workaround to protect a system against potential priviledge escalation.

It is at:

http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019



Received: (qmail 31575 invoked from network); 27 Jun 2003 17:55:34 -0000
Received: from outgoing2.securityfocus.com (205.206.231.26)
 by mail.securityfocus.com with SMTP; 27 Jun 2003 17:55:34 -0000
Received: from lists.securityfocus.com (lists.securityfocus.com 

[205.206.231.19])

      by outgoing2.securityfocus.com (Postfix) with QMQP
      id C44698F6FE; Fri, 27 Jun 2003 11:31:17 -0600 (MDT)
Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq () securityfocus com>
List-Help: <mailto:bugtraq-help () securityfocus com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
Delivered-To: mailing list bugtraq () securityfocus com
Delivered-To: moderator for bugtraq () securityfocus com
Received: (qmail 18375 invoked from network); 26 Jun 2003 22:05:14 -0000
Date: 26 Jun 2003 22:08:25 -0000
Message-ID: <20030626220825.12388.qmail () www securityfocus com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: VMware <vmware-security-alert () vmware com>
To: bugtraq () securityfocus com
Subject: VMware Workstation 4.0: Possible privilege escalation on the host
   via symlink manipulation



It is possible for a user to gain an esclation in privileges on a system 
running VMware Workstation 4.0 for Linux systems by symlink manipulation 
in a world-writable directory such as /tmp.

Affected systems: VMware Workstation 4.0 for Linux systems

Dates: This was reported to VMware on 2003-06-17 and VMware is posting 

this

to Bugtraq on 2003-06-26.  

Resolutions:
1. VMware has identified a workaround and a Knowledge Base article will 

be 

posted by noon Pacific Time on 2003-06-27 at the following url.

http://www.vmware.com/kb

2. VMware plans to release a patch that will resolve this problem 
shortly.  VMware will announce details when available.
Previous By Date Next
Previous By Thread Next

Current thread: