February 25th, 2005, 07:02 PM
VMWare Workstation Vulnerability
Just came across this and thought I'd share it for those of us using VMWare on Gentoo Linux. It states that Gentoo Linux is the only OS/OE vulnerable, but it also lists all the versions of VMWare Workstation except the Beta 5 version. This comes from SecurityFocus:
Here's the link for the full detail: http://www.securityfocus.com/bid/12552
VMWare Workstation For Linux Local Privilege Escalation Vulnerability
It is reported that VMWare workstation on Gentoo Linux based computers at least, is prone to a local privilege escalation vulnerability. The issue exists because the affected binary searches for a shared library in a world-writeable location.
A local attacker may exploit this vulnerability to execute arbitrary code in the context of a user that runs the affected application.
Workaround/Solution - for Gentoo only at this point:
It is reported that a file '/tmp/rrdharan' may be created (by the superuser) as a viable workaround for this issue.
Gentoo has released an advisory (GLSA 200502-18) and an updated eBuild to address this issue. This update can be installed by issuing the following sequence of commands as a superuser:
emerge --ask --oneshot --verbose ">=app-emulation/vmware-workstation-220.127.116.1148-r5"
Here's the link for the Gentoo advisory: http://www.securityfocus.com/advisories/8080
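An added example, not part of the original post or the advisory: a defender-side audit for the condition described above, a binary whose embedded library search path points at a location other users can write to or create. It assumes the search path is read from `readelf -d` output; the sample output, its paths and the function names are constructed for illustration.

```python
import os
import re
import stat

# Matches the RPATH/RUNPATH entries printed by `readelf -d <binary>`.
RPATH_RE = re.compile(r"\((?:RPATH|RUNPATH)\).*\[(.*)\]")

# Constructed sample of `readelf -d` output; the paths are hypothetical.
SAMPLE = """\
 0x0000000000000001 (NEEDED)   Shared library: [libexample.so.1]
 0x000000000000000f (RPATH)    Library rpath: [/tmp/builduser/lib:/usr/lib]
"""

def search_dirs(readelf_output):
    """Return the library search directories embedded in the binary."""
    dirs = []
    for line in readelf_output.splitlines():
        match = RPATH_RE.search(line)
        if match:
            dirs += [d for d in match.group(1).split(":") if d]
    return dirs

def others_can_write(path):
    # The sticky bit on /tmp does not stop users creating new entries.
    return bool(os.stat(path).st_mode & stat.S_IWOTH)

def classify(directory):
    """Return 'writable', 'creatable', 'relative' or 'ok' for one entry."""
    if not os.path.isabs(directory):
        return "relative"  # resolved against cwd or $ORIGIN; review by hand
    wanted = directory.rstrip("/") or "/"
    nearest = wanted
    while not os.path.lexists(nearest):
        nearest = os.path.dirname(nearest)  # climb to what actually exists
    if not os.path.isdir(nearest):
        # A non-directory occupies the name, so the path cannot be created.
        # Assumption: other users cannot delete it (sticky parent, root-owned).
        return "ok"
    if not others_can_write(nearest):
        return "ok"
    return "writable" if nearest == wanted else "creatable"

def audit(readelf_output):
    """Map each embedded search directory to its classification."""
    return {d: classify(d) for d in search_dirs(readelf_output)}
```

A 'creatable' result means the directory does not exist yet but sits under a world-writable ancestor, which is the case the '/tmp/rrdharan' workaround closes by having the superuser occupy the name first.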