Hello all-

Just came across this and thought to share for those of us using VMWare and using Gentoo Linux. It states that Gentoo Linux is the only OS/OE vulnerable - but also lists all the versions of VMWare workstation - except the Beta 5 version. This comes from SecurityFocus:

VMWare Workstation For Linux Local Privilege Escalation Vulnerability

It is reported that VMWare workstation on Gentoo Linux based computers at least, is prone to a local privilege escalation vulnerability. The issue exists because the affected binary searches for a shared library in a world-writeable location.

A local attacker may exploit this vulnerability to execute arbitrary code in the context of a user that runs the affected application.

Workaround/Solution - for Gentoo only at this point:
It is reported that a file '/tmp/rrdharan' may be created (by the superuser) as a viable workaround for this issue.


Gentoo has released an advisory (GLSA 200502-18) and an updated eBuild to address this issue. This update can be installed by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=app-emulation/vmware-workstation-"

Here's the link for the full detail: http://www.securityfocus.com/bid/12552

Here's the link for the Gentoo advisory: http://www.securityfocus.com/advisories/8080
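
An added example, not part of the original post or of either advisory: a defender's check for the condition described above, a library search directory that any local user can write to or create. It assumes the search location is recorded as an ELF RPATH/RUNPATH entry (the post does not say how the location is searched); the `readelf -d` excerpt is constructed and the "builduser" directory name is hypothetical.

```python
import os, re, stat, tempfile

# Constructed `readelf -d` excerpt; the "builduser" directory name is hypothetical.
SAMPLE_READELF = """\
 0x0000000000000001 (NEEDED)  Shared library: [libexample.so.1]
 0x000000000000000f (RPATH)   Library rpath: [{base}/builduser/lib:/usr/lib]
"""

def search_dirs(readelf_output):
    """Pull the RPATH/RUNPATH directories out of `readelf -d` text."""
    pat = r"\((?:RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[([^\]]*)\]"
    return [d for m in re.finditer(pat, readelf_output)
            for d in m.group(1).split(":") if d]

def nearest_existing(path):
    """Walk up from path to the first component that exists on disk."""
    path = os.path.abspath(path)
    while not os.path.lexists(path):
        path = os.path.dirname(path)
    return path

def audit(dirs):
    """Return (dir, reason) for each search dir any local user could populate."""
    findings = []
    for d in dirs:
        anchor = nearest_existing(d)
        mode = os.lstat(anchor).st_mode
        if not stat.S_ISDIR(mode):
            continue  # a plain file in the way blocks directory creation below it
        if mode & stat.S_IWOTH:
            exists = anchor == os.path.abspath(d)
            findings.append((d, "world-writable" if exists
                             else "missing, creatable under world-writable " + anchor))
    return findings

def demo():
    """Audit before and after placing a blocking file, as in the workaround."""
    base = tempfile.mkdtemp()
    os.chmod(base, 0o1777)  # stand-in for /tmp
    dirs = search_dirs(SAMPLE_READELF.format(base=base))
    before = audit(dirs)
    open(os.path.join(base, "builduser"), "w").close()  # blocking file
    return before, audit(dirs)

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

On a real system, feed `search_dirs` the output of `readelf -d` for the binary and its bundled libraries; a directory reported as missing under a world-writable parent is the case the blocking-file workaround addresses.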