VMware Workstation Symlink Privilege Escalation

2003-06-27T16:10:01
ID OSVDB:2222
Type osvdb
Reporter OSVDB
Modified 2003-06-27T16:10:01

Description

Vulnerability Description

In-Reply-To: <20030626220825.12388.qmail@www.securityfocus.com>

VMware have posted a knowledge base article on 2003-06-27 that describes the workaround to protect a system against potential priviledge escalation.

It is at:

http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019

>Received: (qmail 31575 invoked from network); 27 Jun 2003 17:55:34 -0000 >Received: from outgoing2.securityfocus.com (205.206.231.26) > by mail.securityfocus.com with SMTP; 27 Jun 2003 17:55:34 -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) > by outgoing2.securityfocus.com (Postfix) with QMQP > id C44698F6FE; Fri, 27 Jun 2003 11:31:17 -0600 (MDT) >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@securityfocus.com> >List-Help: <mailto:bugtraq-help@securityfocus.com> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> >List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> >Delivered-To: mailing list bugtraq@securityfocus.com >Delivered-To: moderator for bugtraq@securityfocus.com >Received: (qmail 18375 invoked from network); 26 Jun 2003 22:05:14 -0000 >Date: 26 Jun 2003 22:08:25 -0000 >Message-ID: <20030626220825.12388.qmail@www.securityfocus.com> >Content-Type: text/plain >Content-Disposition: inline >Content-Transfer-Encoding: binary >MIME-Version: 1.0 >X-Mailer: MIME-tools 5.411 (Entity 5.404) >From: VMware <vmware-security-alert@vmware.com> >To: bugtraq@securityfocus.com >Subject: VMware Workstation 4.0: Possible privilege escalation on the host > via symlink manipulation > > > >It is possible for a user to gain an esclation in privileges on a system >running VMware Workstation 4.0 for Linux systems by symlink manipulation >in a world-writable directory such as /tmp. > >Affected systems: VMware Workstation 4.0 for Linux systems > >Dates: This was reported to VMware on 2003-06-17 and VMware is posting this >to Bugtraq on 2003-06-26.
> >Resolutions: >1. VMware has identified a workaround and a Knowledge Base article will be >posted by noon Pacific Time on 2003-06-27 at the following url. > >http://www.vmware.com/kb > >2. VMware plans to release a patch that will resolve this problem >shortly. VMware will announce details when available. >

Short Description

In-Reply-To: <20030626220825.12388.qmail@www.securityfocus.com>

VMware have posted a knowledge base article on 2003-06-27 that describes the workaround to protect a system against potential priviledge escalation.

It is at:

http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019

>Received: (qmail 31575 invoked from network); 27 Jun 2003 17:55:34 -0000 >Received: from outgoing2.securityfocus.com (205.206.231.26) > by mail.securityfocus.com with SMTP; 27 Jun 2003 17:55:34 -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) > by outgoing2.securityfocus.com (Postfix) with QMQP > id C44698F6FE; Fri, 27 Jun 2003 11:31:17 -0600 (MDT) >Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@securityfocus.com> >List-Help: <mailto:bugtraq-help@securityfocus.com> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> >List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> >Delivered-To: mailing list bugtraq@securityfocus.com >Delivered-To: moderator for bugtraq@securityfocus.com >Received: (qmail 18375 invoked from network); 26 Jun 2003 22:05:14 -0000 >Date: 26 Jun 2003 22:08:25 -0000 >Message-ID: <20030626220825.12388.qmail@www.securityfocus.com> >Content-Type: text/plain >Content-Disposition: inline >Content-Transfer-Encoding: binary >MIME-Version: 1.0 >X-Mailer: MIME-tools 5.411 (Entity 5.404) >From: VMware <vmware-security-alert@vmware.com> >To: bugtraq@securityfocus.com >Subject: VMware Workstation 4.0: Possible privilege escalation on the host > via symlink manipulation > > > >It is possible for a user to gain an esclation in privileges on a system >running VMware Workstation 4.0 for Linux systems by symlink manipulation >in a world-writable directory such as /tmp. > >Affected systems: VMware Workstation 4.0 for Linux systems > >Dates: This was reported to VMware on 2003-06-17 and VMware is posting this >to Bugtraq on 2003-06-26.
> >Resolutions: >1. VMware has identified a workaround and a Knowledge Base article will be >posted by noon Pacific Time on 2003-06-27 at the following url. > >http://www.vmware.com/kb > >2. VMware plans to release a patch that will resolve this problem >shortly. VMware will announce details when available. >

References:

Vendor Specific News/Changelog Entry: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0226.html ISS X-Force ID: 12457 CVE-2003-0480 Bugtraq ID: 8049