VMware Workstation 4.0: Possible privilege escalation on the host via symlink manipulation From: VMware <vmware-security-alert@vmware.com> To: bugtraq@securityfocus.com Date: 2003-06-27 00.08 It is possible for a user to gain an esclation in privileges on a system running VMware Workstation 4.0 for Linux systems by symlink manipulation in a world-writable directory such as /tmp. Affected systems: VMware Workstation 4.0 for Linux systems Dates: This was reported to VMware on 2003-06-17 and VMware is posting this to Bugtraq on 2003-06-26. Resolutions: 1. VMware has identified a workaround and a Knowledge Base article will be posted by noon Pacific Time on 2003-06-27 at the following url. http://www.vmware.com/kb 2. VMware plans to release a patch that will resolve this problem shortly. VMware will announce details when available.
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=111 Patch not yet released. This is a per-user setting; so adding a warning to the ebuild and sending an advisory would be the best option?
4.0.1.5289 is in portage, please send a GLSA and close this
This is a new vulnerability... but I figured I would add it here since this bug is not resolved... From: VMware <vmware-security-alert@vmware.com> To: bugtraq@securityfocus.com Subject: Re: VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems) vulnerability Date: 2 Aug 2003 00:33:41 -0000 In-Reply-To: <Pine.LNX.4.55.0307231606160.25752@mail.securityfocus.com> Description ----------- The following products have a vulnerability that can allow a user of the host system to start an arbitrary program with root privileges. This was previously reported in this advisory: http://www.securityfocus.com/archive/1/330184 This notice announces an additional release that corrects this vulnerability. This release is called: - VMware Workstation 3.2.1 patch 1 Details/Impact -------------- By manipulating the VMware Workstation environment variables, a program such as a shell session with root privileges could be started when a virtual machine is launched. The user would then have full access to the host. VMware strongly urges customers Workstation (for Linux systems) to upgrade as soon as possible. Customers running any version of Workstation (for Windows operating systems) are not subject to this vulnerability. Solution -------- To correct the vulnerability in VMware Workstation 3.2, VMware released the following: - Workstation 3.2.1 patch 1 Details ----------- VMware Workstation customers, if covered under the VMware Workstation Product Upgrade Policy as described at: http://www.vmware.com/vmwarestore/pricing.html are entitled to download and install this updated version from http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=WKST3- LX-ESD This is available today. Upgrade instructions are at http://www.vmware.com/support/ws3/doc/upgrade_ws.html Notes ----- * VMware wishes to thank Paul Szabo of the University of Sydney for alerting us to this vulnerability. His Web page is at: http://www.maths.usyd.edu.au:8000/u/psz/ * VMware has posted a knowledge base article that describes this problem: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039
vmware 4.0.2 is out
*** This bug has been marked as a duplicate of 27293 ***