VMWare Workstation For Linux Local Privilege Escalation Vulnerability
BID:12552
Info
VMWare Workstation For Linux Local Privilege Escalation Vulnerability
| Bugtraq ID: | 12552 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 14 2005 12:00AM |
| Updated: | Feb 14 2005 12:00AM |
| Credit: | Tavis Ormandy of the Gentoo Linux Security Audit Team is credited with the discovery of this vulnerability. |
| Vulnerable: |
VMWare Workstation 4.5.2 VMWare Workstation 4.0.2 VMWare Workstation 4.0.1 VMWare Workstation 4.0 VMWare Workstation 3.4 VMWare Workstation 3.2.1 patch 1 Gentoo Linux |
| Not Vulnerable: | |
Discussion
VMWare Workstation For Linux Local Privilege Escalation Vulnerability
It is reported that VMWare workstation on Gentoo Linux based computers at least, is prone to a local privilege escalation vulnerability. The issue exists because the affected binary searches for a shared library in a world-writeable location.
A local attacker may exploit this vulnerability to execute arbitrary code in the context of a user that runs the affected application.
It is reported that VMWare workstation on Gentoo Linux based computers at least, is prone to a local privilege escalation vulnerability. The issue exists because the affected binary searches for a shared library in a world-writeable location.
A local attacker may exploit this vulnerability to execute arbitrary code in the context of a user that runs the affected application.
Exploit / POC
VMWare Workstation For Linux Local Privilege Escalation Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
VMWare Workstation For Linux Local Privilege Escalation Vulnerability
Solution:
Gentoo has released an advisory (GLSA 200502-18) and an updated eBuild to address this issue. This update can be installed by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot verbose ">=app-emulation/vmware-workstation-4.5.2.8848-r5"
Solution:
Gentoo has released an advisory (GLSA 200502-18) and an updated eBuild to address this issue. This update can be installed by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot verbose ">=app-emulation/vmware-workstation-4.5.2.8848-r5"
References
VMWare Workstation For Linux Local Privilege Escalation Vulnerability
References:
References: