BugTraq
Back to list
|
Post reply
Re: VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems) vulnerability
Aug 02 2003 12:33AM
VMware (vmware-security-alert vmware com)
In-Reply-To: <Pine.LNX.4.55.0307231606160.25752 (at) mail.securityfocus (dot) com [email concealed]>
Description
-----------
The following products have a vulnerability that can allow a
user of the host system to start an arbitrary program with
root privileges.
This was previously reported in this advisory:
http://www.securityfocus.com/archive/1/330184
This notice announces an additional release that corrects
this vulnerability. This release is called:
- VMware Workstation 3.2.1 patch 1
Details/Impact
--------------
By manipulating the VMware Workstation environment variables,
a program such as a shell session with root privileges could
be started when a virtual machine is launched. The user would
then have full access to the host.
VMware strongly urges customers Workstation (for Linux
systems) to upgrade as soon as possible.
Customers running any version of Workstation (for Windows
operating systems) are not subject to this vulnerability.
Solution
--------
To correct the vulnerability in VMware Workstation 3.2, VMware
released the following:
- Workstation 3.2.1 patch 1
Details
-----------
VMware Workstation customers, if covered under the VMware
Workstation Product Upgrade Policy as described at:
http://www.vmware.com/vmwarestore/pricing.html
are entitled to download and install this updated version from
http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=WKST
3-
LX-ESD
This is available today.
Upgrade instructions are at
http://www.vmware.com/support/ws3/doc/upgrade_ws.html
Notes
-----
* VMware wishes to thank Paul Szabo of the University of Sydney for
alerting us
to this vulnerability.
His Web page is at:
http://www.maths.usyd.edu.au:8000/u/psz/
* VMware has posted a knowledge base article that describes this problem:
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Description
-----------
The following products have a vulnerability that can allow a
user of the host system to start an arbitrary program with
root privileges.
This was previously reported in this advisory:
http://www.securityfocus.com/archive/1/330184
This notice announces an additional release that corrects
this vulnerability. This release is called:
- VMware Workstation 3.2.1 patch 1
Details/Impact
--------------
By manipulating the VMware Workstation environment variables,
a program such as a shell session with root privileges could
be started when a virtual machine is launched. The user would
then have full access to the host.
VMware strongly urges customers Workstation (for Linux
systems) to upgrade as soon as possible.
Customers running any version of Workstation (for Windows
operating systems) are not subject to this vulnerability.
Solution
--------
To correct the vulnerability in VMware Workstation 3.2, VMware
released the following:
- Workstation 3.2.1 patch 1
Details
-----------
VMware Workstation customers, if covered under the VMware
Workstation Product Upgrade Policy as described at:
http://www.vmware.com/vmwarestore/pricing.html
are entitled to download and install this updated version from
http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=WKST
3-
LX-ESD
This is available today.
Upgrade instructions are at
http://www.vmware.com/support/ws3/doc/upgrade_ws.html
Notes
-----
* VMware wishes to thank Paul Szabo of the University of Sydney for
alerting us
to this vulnerability.
His Web page is at:
http://www.maths.usyd.edu.au:8000/u/psz/
* VMware has posted a knowledge base article that describes this problem:
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039
[ reply ]