VMware Workstation 4.0: Possible privilege escalation on the host via symlink manipulation

From: VMware (vmware-security-alertat_private)
Date: Thu Jun 26 2003 - 15:08:25 PDT

Next message: Mandrake Linux Security Team: "MDKSA-2003:072 - Updated ypserv packages fix DoS vulnerability"

Previous message: Michael Howard: "Development Impacts of Security Changes in Windows Server 2003"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) It is possible for a user to gain an esclation in privileges on a system running VMware Workstation 4.0 for Linux systems by symlink manipulation in a world-writable directory such as /tmp. Affected systems: VMware Workstation 4.0 for Linux systems Dates: This was reported to VMware on 2003-06-17 and VMware is posting this to Bugtraq on 2003-06-26. Resolutions: 1. VMware has identified a workaround and a Knowledge Base article will be posted by noon Pacific Time on 2003-06-27 at the following url. http://www.vmware.com/kb 2. VMware plans to release a patch that will resolve this problem shortly. VMware will announce details when available.

Next message: Mandrake Linux Security Team: "MDKSA-2003:072 - Updated ypserv packages fix DoS vulnerability"
Previous message: Michael Howard: "Development Impacts of Security Changes in Windows Server 2003"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 27 2003 - 11:46:27 PDT