BugTraq
Back to list
|
Post reply
VMware Workstation 4.0.1 (for Linux systems) vulnerability
Aug 07 2003 08:46PM
VMware Security Alert (vmware-security-alert vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Description
- -----------
The following products have a vulnerability that can allow a non-root user of
the host system to delete files.
VMware Workstation 4.0.1 (for Linux systems) build 5289 and earlier releases
Details/Impact
- --------------
By manipulating symbolic links, a non-root user can delete files in any
directory.
Customers running any version of VMware Workstation (for Windows operating
systems) are not subject to this vulnerability.
Resolutions:
VMware plans to release a patch that will resolve this problem
shortly. VMware will announce details when available.
- - How to get the patched release
- - How to install a patched release
- - A knowledge base article
Notes
- -----
* VMware thanks Paul Szabo of the University of Sydney for alerting us
to this vulnerability.
His Web page is at:
http://www.maths.usyd.edu.au:8000/u/psz/
- -----------------
This document is clear signed with PGP.
VMware has the PGP public key available at
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039
Some mail programs cause changes to mail messages and content, which may result
in an indication that the PGP signature for this message is not valid. This
may also occur if this message is forwarded through another email distribution
list that changes the "From" field. Please try to save the message into a file
and then running PGP on it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)
iD8DBQE/Mro7LsZLrftG15MRAj67AJwKRZXbqfoqNF2NWB30GaL5EcCkVACgqlTl
6qlf+X8N0Y5LYYLUINAlWOg=
=e4HB
-----END PGP SIGNATURE-----
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Hash: SHA1
Description
- -----------
The following products have a vulnerability that can allow a non-root user of
the host system to delete files.
VMware Workstation 4.0.1 (for Linux systems) build 5289 and earlier releases
Details/Impact
- --------------
By manipulating symbolic links, a non-root user can delete files in any
directory.
Customers running any version of VMware Workstation (for Windows operating
systems) are not subject to this vulnerability.
Resolutions:
VMware plans to release a patch that will resolve this problem
shortly. VMware will announce details when available.
- - How to get the patched release
- - How to install a patched release
- - A knowledge base article
Notes
- -----
* VMware thanks Paul Szabo of the University of Sydney for alerting us
to this vulnerability.
His Web page is at:
http://www.maths.usyd.edu.au:8000/u/psz/
- -----------------
This document is clear signed with PGP.
VMware has the PGP public key available at
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039
Some mail programs cause changes to mail messages and content, which may result
in an indication that the PGP signature for this message is not valid. This
may also occur if this message is forwarded through another email distribution
list that changes the "From" field. Please try to save the message into a file
and then running PGP on it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)
iD8DBQE/Mro7LsZLrftG15MRAj67AJwKRZXbqfoqNF2NWB30GaL5EcCkVACgqlTl
6qlf+X8N0Y5LYYLUINAlWOg=
=e4HB
-----END PGP SIGNATURE-----
[ reply ]