BugTraq
VMware Workstation 4.0.1 (for Linux systems) vulnerability Aug 07 2003 08:46PM
VMware Security Alert (vmware-security-alert vmware com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Description

- -----------

The following products have a vulnerability that can allow a non-root user of

the host system to delete files.

VMware Workstation 4.0.1 (for Linux systems) build 5289 and earlier releases

Details/Impact

- --------------

By manipulating symbolic links, a non-root user can delete files in any

directory.

Customers running any version of VMware Workstation (for Windows operating

systems) are not subject to this vulnerability.

Resolutions:

VMware plans to release a patch that will resolve this problem

shortly. VMware will announce details when available.

- - How to get the patched release

- - How to install a patched release

- - A knowledge base article

Notes

- -----

* VMware thanks Paul Szabo of the University of Sydney for alerting us

to this vulnerability.

His Web page is at:

http://www.maths.usyd.edu.au:8000/u/psz/

- -----------------

This document is clear signed with PGP.

VMware has the PGP public key available at

http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039

Some mail programs cause changes to mail messages and content, which may result

in an indication that the PGP signature for this message is not valid. This

may also occur if this message is forwarded through another email distribution

list that changes the "From" field. Please try to save the message into a file

and then running PGP on it.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.2.2 (MingW32)

iD8DBQE/Mro7LsZLrftG15MRAj67AJwKRZXbqfoqNF2NWB30GaL5EcCkVACgqlTl

6qlf+X8N0Y5LYYLUINAlWOg=

=e4HB

-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus