VMware GSX Server/Workstation Host Operating Privilege Escalation

2003-08-08T05:43:23
ID OSVDB:2128
Type osvdb
Reporter OSVDB
Modified 2003-08-08T05:43:23

Description

Vulnerability Description

Multiple versions of VMware Workstation and GSX Server for Linux allow commands to be executed through modified environment variables. An attacker can use this to execute commands as root when a virtual server starts, which can grant them access to the entire machine.

Solution Description

Upgrade to Workstation 4.0.1, Workstation 3.2.1 patch 1, or GSX Server 2.5.1 patch 1 as appropriate.

References:

Vendor Specific Solution URL: http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=WKST4-LX-ESD
Vendor Specific Advisory URL
Secunia Advisory ID: 9348
ISS X-Force ID: 12707
CVE-2003-0631
Bugtraq ID: 8264