In-Reply-To: <[EMAIL PROTECTED]>

VMware have posted a knowledge base article on 2003-06-27 that describes the workaround to protect a system against potential privilege escalation.
It is at: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019

>Date: 26 Jun 2003 22:08:25 -0000
>Message-ID: <[EMAIL PROTECTED]>
>From: VMware <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: VMware Workstation 4.0: Possible privilege escalation on the host
> via symlink manipulation
>
>It is possible for a user to gain an escalation in privileges on a system
>running VMware Workstation 4.0 for Linux systems by symlink manipulation
>in a world-writable directory such as /tmp.
>
>Affected systems: VMware Workstation 4.0 for Linux systems
>
>Dates: This was reported to VMware on 2003-06-17 and VMware is posting this
>to Bugtraq on 2003-06-26.
>
>Resolutions:
>1. VMware has identified a workaround and a Knowledge Base article will be
>posted by noon Pacific Time on 2003-06-27 at the following url.
>
>http://www.vmware.com/kb
>
>2. VMware plans to release a patch that will resolve this problem
>shortly. VMware will announce details when available.
