Bug 27293

Summary:	VMware Workstation 4.0.2, Build 5592 security update
Product:	Gentoo Linux	Reporter:	Carsten Lohrke (RETIRED) <carlo>
Component:	New packages	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	critical	CC:	aliz, wolf31o2
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.vmware.com/support/ws4/doc/releasenotes_ws4.html
Whiteboard:
Package list:		Runtime testing required:	---

Description Carsten Lohrke (RETIRED) gentoo-dev

2003-08-25 07:06:07 UTC

> By manipulating symbolic links, a non-root user could delete files in any
directory.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 Carsten Lohrke (RETIRED) gentoo-dev

2003-08-25 14:42:50 UTC

@aliz: add you, because of this pn from pilla

>>Carlo hat folgendes geschrieben::
>>According to http://www.vmware.com/support/ws4/doc/releasenotes_ws4.html >>vmware-workstation-4.0.1-5289 is affected, too, so the GLSA is not correct.
>>
>>
>>Carlo
>
>
>Damn.... maybe you should tell the original poster aliz@gentoo.org
>
>In the mean time, I'll post a correction there.
>
>Thanks,
>
>pilla

Comment 2 Martin Holzer (RETIRED) gentoo-dev

2003-08-28 16:07:54 UTC

*** Bug 24006 has been marked as a duplicate of this bug. ***

Comment 3 Chris Gianelloni (RETIRED) gentoo-dev

2003-08-30 07:46:40 UTC

I just committed this new version of vmware to portage... you can release a GLSA on it

Comment 4 Carsten Lohrke (RETIRED) gentoo-dev

2003-08-30 10:53:55 UTC

Thx, works fine here! (AMD/XP)

Comment 5 Daniel Ahlberg (RETIRED) gentoo-dev

2003-09-01 06:37:06 UTC

I've sent out a correction GLSA for this.