SecurityTracker.com
Category:   Application (Generic)  >   VMware
Vendors:   VMware
(A User Provides Recommendations) Re: VMware Allows Local Users to Overwrite Any File on the System
SecurityTracker Alert ID:  1001377
SecurityTracker URL:  http://securitytracker.com/id/1001377
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 20 2001
Impact:   Modification of system information


Description:   A vulnerability has been reported in a script that ships with the VMware Windows environment package for Linux.

A user provides the following recommendations:

"VMware likes to have a good, safe TMPDIR variable set:

$ grep TMP vmware-mount.pl
return defined($ENV{TMPDIR}) ? $ENV{TMPDIR} : "/tmp";

This is a simple variation on an old theme. Make sure you have safe
TMP and TMPDIR variables set at all times. If you want a set of scripts
for safely creating such dirs and setting env vars at login time, see
my TMPDIR scripts at http://www.tux.org/~peterw/

These will also be included with the soon-to-be-released Bastille 1.2.0"

Impact:   A local user could cause any file to be overwritten.
Solution:   A user provides some mitigating recommendations.
Vendor URL:  www.vmware.com/
Cause:   Access control error
Underlying OS:  Linux (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 19 2001 VMware Allows Local Users to Overwrite Any File on the System



 Source Message Contents

Subject:  Re: VMware symlink problems


At Wed, 18 Apr 2001 18:05:49 +0200 , Paul Starzetz <paul@STARZETZ.DE> wrote:

>There is a symlink vulnerability in the vmware-mount.pl script which comes
>with the latest VMware.

>While mounting virtual disk drives using the vmware-mount.pl script, a
>temporary file named vmware-mount.pl.PID where PID is the current pid of
>the command will be created in an insecure manner.

VMware likes to have a good, safe TMPDIR variable set:

$ grep TMP vmware-mount.pl
  return defined($ENV{TMPDIR}) ? $ENV{TMPDIR} : "/tmp";

This is a simple variation on an old theme. Make sure you have safe
TMP and TMPDIR variables set at all times. If you want a set of scripts
for safely creating such dirs and setting env vars at login time, see
my TMPDIR scripts at http://www.tux.org/~peterw/

These will also be included with the soon-to-be-released Bastille 1.2.0

-Peter
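
One way to do the login-time setup the message recommends, written here as an added example (it is not the TMPDIR scripts from tux.org or Bastille's code). The `tmp-<uid>` directory name and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed; not the tux.org or Bastille scripts).
# Assumed layout: one directory per user, $base/tmp-<uid>, mode 0700.

# is_private_dir DIR: succeed only if DIR is a real directory (not a
# symlink), owned by the calling user, with mode exactly drwx------.
is_private_dir() {
    d=$1
    [ ! -L "$d" ] || return 1      # a symlink planted by someone else
    [ -d "$d" ] || return 1
    info=$(ls -ldn "$d") || return 1
    mode=$(printf '%s\n' "$info" | cut -c1-10)
    owner=$(printf '%s\n' "$info" | awk '{print $3}')
    [ "$mode" = "drwx------" ] && [ "$owner" = "$(id -u)" ]
}

# safe_tmpdir [BASE]: print a private temp directory under BASE (default /tmp).
safe_tmpdir() {
    base=${1:-/tmp}
    dir="$base/tmp-$(id -u)"
    # mkdir never follows an existing name: it fails on a file, directory
    # or (dangling) symlink, so a pre-planted link cannot redirect creation.
    if (umask 077 && mkdir "$dir") 2>/dev/null; then
        printf '%s\n' "$dir"
        return 0
    fi
    # The name exists already: reuse it only if every check passes.
    if is_private_dir "$dir"; then
        printf '%s\n' "$dir"
        return 0
    fi
    # Otherwise fall back to an unpredictable, freshly created directory.
    mktemp -d "$base/tmp-$(id -u).XXXXXX"
}

# Login-time use, e.g. from ~/.profile:
#   TMPDIR=$(safe_tmpdir) && TMP=$TMPDIR && export TMPDIR TMP
```

With TMPDIR pointing at a directory only its owner can write to, the `vmware-mount.pl.PID` file from the quoted report is created where no other local user can place a link in advance.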

 
 



Copyright 2019, SecurityGlobal.net LLC