CVE-2008-0967
Summary
| CVE | CVE-2008-0967 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-06-05 20:32:00 UTC |
| Updated | 2018-10-30 16:26:00 UTC |
| Description | Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Vmware | Esx | 3.0.0 | All | All | All |
| Operating System | Vmware | Esx | 3.0.1 | All | All | All |
| Operating System | Vmware | Esx | 3.0.2 | All | All | All |
| Operating System | Vmware | Esx | 3.0.0 | All | All | All |
| Operating System | Vmware | Esx | 3.0.1 | All | All | All |
| Operating System | Vmware | Esx | 3.0.2 | All | All | All |
| Application | Vmware | Esxi | 3.5 | All | All | All |
| Application | Vmware | Esxi | 3.5 | All | All | All |
| Application | Vmware | Esx Server | 2.5.5 | All | All | All |
| Application | Vmware | Esx Server | 3.1 | All | All | All |
| Application | Vmware | Esx Server | 3.2 | All | All | All |
| Application | Vmware | Esx Server | 3.3 | All | All | All |
| Application | Vmware | Esx Server | 3.5 | All | All | All |
| Application | Vmware | Esx Server | 2.5.5 | All | All | All |
| Application | Vmware | Esx Server | 3.1 | All | All | All |
| Application | Vmware | Esx Server | 3.2 | All | All | All |
| Application | Vmware | Esx Server | 3.3 | All | All | All |
| Application | Vmware | Esx Server | 3.5 | All | All | All |
| Application | Vmware | Player | 1.0.0 | All | All | All |
| Application | Vmware | Player | 1.0.1 | All | All | All |
| Application | Vmware | Player | 1.0.2 | All | All | All |
| Application | Vmware | Player | 1.0.3 | All | All | All |
| Application | Vmware | Player | 1.0.4 | All | All | All |
| Application | Vmware | Player | 1.0.5 | All | All | All |
| Application | Vmware | Player | 1.0.6 | All | All | All |
| Application | Vmware | Player | 2.0 | All | All | All |
| Application | Vmware | Player | 2.0.1 | All | All | All |
| Application | Vmware | Player | 2.0.2 | All | All | All |
| Application | Vmware | Player | 2.0.3 | All | All | All |
| Application | Vmware | Player | 1.0.0 | All | All | All |
| Application | Vmware | Player | 1.0.1 | All | All | All |
| Application | Vmware | Player | 1.0.2 | All | All | All |
| Application | Vmware | Player | 1.0.3 | All | All | All |
| Application | Vmware | Player | 1.0.4 | All | All | All |
| Application | Vmware | Player | 1.0.5 | All | All | All |
| Application | Vmware | Player | 1.0.6 | All | All | All |
| Application | Vmware | Player | 2.0 | All | All | All |
| Application | Vmware | Player | 2.0.1 | All | All | All |
| Application | Vmware | Player | 2.0.2 | All | All | All |
| Application | Vmware | Player | 2.0.3 | All | All | All |
| Application | Vmware | Server | 1.0.3 | All | All | All |
| Application | Vmware | Server | 1.0.3 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.0 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.1 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.2 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.4 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.5 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.0 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.1 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.2 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.4 | All | All | All |
| Application | Vmware | Vmware Server | 1.0.5 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.0 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.2 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.5 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.6 | All | All | All |
| Application | Vmware | Vmware Workstation | 6.0.1 | All | All | All |
| Application | Vmware | Vmware Workstation | 6.0.2 | All | All | All |
| Application | Vmware | Vmware Workstation | 6.0.3 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.0 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.2 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.5 | All | All | All |
| Application | Vmware | Vmware Workstation | 5.5.6 | All | All | All |
| Application | Vmware | Vmware Workstation | 6.0.1 | All | All | All |
| Application | Vmware | Vmware Workstation | 6.0.2 | All | All | All |
| Application | Vmware | Vmware Workstation | 6.0.3 | All | All | All |
| Application | Vmware | Workstation | 5.5.1 | All | All | All |
| Application | Vmware | Workstation | 5.5.3 | All | All | All |
| Application | Vmware | Workstation | 5.5.4 | All | All | All |
| Application | Vmware | Workstation | 6.0 | All | All | All |
| Application | Vmware | Workstation | 5.5.1 | All | All | All |
| Application | Vmware | Workstation | 5.5.3 | All | All | All |
| Application | Vmware | Workstation | 5.5.4 | All | All | All |
| Application | Vmware | Workstation | 6.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VMware Products Multiple Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Gentoo Linux Documentation -- VMware Player, Server, Workstation: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| VMSA-2008-0009.2 - VMware | CONFIRM | www.vmware.com | Vendor Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| SecurityReason - Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi | SREASON | securityreason.com | |
| VMware vmware-authd Daemon Local Privilege Escalation Vulnerability | BID | www.securityfocus.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| 20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability | IDEFENSE | labs.idefense.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| VMware Unsafe Library Path in vmware-authd Lets Local Users Gain Elevated Privileges - SecurityTracker | SECTRACK | securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.