Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:4963
HistoryAug 08, 2003 - 12:00 a.m.

VMware Workstation 4.0.1 (for Linux systems) vulnerability

2003-08-0800:00:00
vulners.com
9

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Description


The following products have a vulnerability that can allow a non-root user of
the host system to delete files.

VMware Workstation 4.0.1 (for Linux systems) build 5289 and earlier releases

Details/Impact


By manipulating symbolic links, a non-root user can delete files in any
directory.

Customers running any version of VMware Workstation (for Windows operating
systems) are not subject to this vulnerability.

Resolutions:

VMware plans to release a patch that will resolve this problem
shortly. VMware will announce details when available.

    • How to get the patched release
    • How to install a patched release
    • A knowledge base article

Notes


  • VMware thanks Paul Szabo of the University of Sydney for alerting us
    to this vulnerability.

His Web page is at:

http://www.maths.usyd.edu.au:8000/u/psz/


This document is clear signed with PGP.

VMware has the PGP public key available at

http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039

Some mail programs cause changes to mail messages and content, which may result
in an indication that the PGP signature for this message is not valid. This
may also occur if this message is forwarded through another email distribution
list that changes the "From" field. Please try to save the message into a file
and then running PGP on it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQE/Mro7LsZLrftG15MRAj67AJwKRZXbqfoqNF2NWB30GaL5EcCkVACgqlTl
6qlf+X8N0Y5LYYLUINAlWOg=
=e4HB
-----END PGP SIGNATURE-----