
Bug 211574

Summary: app-emulation/vmware-player, vmware-workstation: Shared Folders Directory Traversal (CVE-2008-0923)
Product: Gentoo Security    Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities    Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: minor    CC: vmware+disabled
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.coresecurity.com/?action=item&id=2129
Whiteboard: B3 [upstream]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-02-26 22:43:20 UTC
CVE-2008-0923 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0923):
  Directory traversal vulnerability in the Shared Folders feature for VMWare
  ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2
  allows guest OS users to read and write arbitrary files on the host OS via a
  multibyte string that produces a wide character string containing .. (dot
  dot) sequences, which bypasses the protection mechanism, as demonstrated
  using a "%c0%2e%c0%2e" string.
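The bypass pattern the CVE text describes, as an added illustration that is not part of this bug, the Core Security advisory, or VMware's code: a traversal filter that looks for ".." in the guest-supplied multibyte string, followed by a permissive multibyte-to-wide-character conversion that turns 0xC0 0x2E into '.', so the ".." only exists after the check has run. The `lenient_mb_to_wide` function is an emulation of that conversion behaviour (it takes the byte after a 0xC0-0xDF lead as a continuation byte without validating it), `SHARED_ROOT`, the function names and the percent-decoding of the "%c0%2e" notation are assumptions for the example, and the hardened variant shows the two checks a practitioner wants: strict decoding that rejects invalid and overlong sequences, and a containment check done on the canonical path after conversion.

```python
import posixpath
from urllib.parse import unquote_to_bytes

# Hypothetical shared-folder root on the host (assumption for this example).
SHARED_ROOT = "/srv/shared"


def lenient_mb_to_wide(data: bytes) -> str:
    """Model of a permissive multibyte-to-wide-character conversion.

    A 0xC0-0xDF lead byte takes the following byte as a continuation byte
    without checking that it lies in 0x80-0xBF and without rejecting
    overlong forms, so 0xC0 0x2E collapses to '.' (0x2E & 0x3F == 0x2E).
    This emulates the behaviour the CVE text implies; it is not the host code.
    """
    out = []
    i = 0
    while i < len(data):
        lead = data[i]
        if 0xC0 <= lead <= 0xDF and i + 1 < len(data):
            out.append(chr(((lead & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        elif lead < 0x80:
            out.append(chr(lead))
            i += 1
        else:
            raise ValueError(f"unsupported byte 0x{lead:02x} at offset {i}")
    return "".join(out)


def vulnerable_resolve(guest_path: str) -> str:
    """Dot-dot filter applied to the multibyte bytes, before conversion."""
    raw = unquote_to_bytes(guest_path)       # "%c0%2e" -> b"\xc0."
    if b".." in raw:
        raise PermissionError("dot-dot in multibyte path")
    wide = lenient_mb_to_wide(raw)           # ".." materialises only here
    return posixpath.normpath(posixpath.join(SHARED_ROOT, wide))


def hardened_resolve(guest_path: str) -> str:
    """Strict decode first, then check containment of the canonical path."""
    raw = unquote_to_bytes(guest_path)
    try:
        text = raw.decode("utf-8")           # strict: 0xC0 is never a valid lead byte
    except UnicodeDecodeError as exc:
        raise PermissionError(f"malformed encoding: {exc}") from None
    full = posixpath.normpath(posixpath.join(SHARED_ROOT, text))
    if full != SHARED_ROOT and not full.startswith(SHARED_ROOT + "/"):
        raise PermissionError(f"escapes shared root: {full}")
    return full


def rejects(resolver, guest_path: str) -> bool:
    """True if the resolver refuses the path with PermissionError."""
    try:
        resolver(guest_path)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    # Constructed payload using the "%c0%2e%c0%2e" string from the CVE text.
    payload = "%c0%2e%c0%2e/%c0%2e%c0%2e/etc/passwd"
    print("vulnerable resolves to:", vulnerable_resolve(payload))
    print("hardened rejects it:", rejects(hardened_resolve, payload))
```

The order of operations is the whole point: any filter that runs on the raw multibyte bytes can be defeated by a sequence that decodes to the forbidden characters later, so the check has to run on the fully decoded and canonicalized path, and the decoder itself has to refuse invalid or overlong sequences rather than silently mapping them to ASCII.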
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-02-26 22:50:25 UTC
Upstream failed to provide an update to their products since November, now this is public.
We can either mask, wait, or send an advisory with the "disable shared folder" workaround.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-02-26 23:10:23 UTC
Good news: Vmware upstream states that only windows-hosted machines are affected, i.e. not an issue for us. Thanks to nion for pointing that out for me.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034