SecurityTracker.com
SecurityTracker Archives

Category:   Application (Generic)  >   VMware
Vendors:   VMware
(Vendor Issues Fix for 3.2) Re: VMware Workstation Lets Local Users Execute Programs With Root Privileges
SecurityTracker Alert ID:  1007403
SecurityTracker URL:  http://securitytracker.com/id/1007403
CVE Reference:   CVE-2003-0631   (Links to External Site)
Date:  Aug 4 2003
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.2, 4.0
Description:   A vulnerability was reported in VMware Workstation. A local user can start an arbitrary application with root privileges. VMware GSX Server is also affected.

It is reported that a local user can modify certain environment variables to cause an application to be started with root privileges when a virtual machine is launched. This can allow the local user to gain root access on the system.

Only the Linux platforms are affected, according to the report.

Impact:   A local user can execute an application with root privileges to gain root access on the system.
Solution:   The vendor has released a fixed version (3.2.1 patch 1 and also 4.0.1), available at the following URLs (respectively):

http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=WKST3-LX-ESD

http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=WKST4-LX-ESD

Vendor URL:  www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039 (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 24 2003 VMware Workstation Lets Local Users Execute Programs With Root Privileges



 Source Message Contents

Subject:  Re: VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems)


In-Reply-To: <Pine.LNX.4.55.0307231606160.25752@mail.securityfocus.com>

Description
-----------

The following products have a vulnerability that can allow a
user of the host system to start an arbitrary program with
root privileges. 


This was previously reported in this advisory:
http://www.securityfocus.com/archive/1/330184

This notice announces an additional release that corrects 
this vulnerability.   This release is called:
- VMware Workstation 3.2.1 patch 1

Details/Impact
--------------

By manipulating the VMware Workstation environment variables,
a program such as a shell session with root privileges could
be started when a virtual machine is launched. The user would
then have full access to the host.

VMware strongly urges customers running Workstation (for Linux
systems) to upgrade as soon as possible.

Customers running any version of Workstation (for Windows
operating systems) are not subject to this vulnerability. 

Solution
--------

To correct the vulnerability in VMware Workstation 3.2, VMware
released the following: 

- Workstation 3.2.1 patch 1

Details
-------

VMware Workstation customers, if covered under the VMware
Workstation Product Upgrade Policy as described at:

http://www.vmware.com/vmwarestore/pricing.html

are entitled to download and install this updated version from

http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=WKST3-LX-ESD


This is available today. 

Upgrade instructions are at

http://www.vmware.com/support/ws3/doc/upgrade_ws.html


Notes
-----

* VMware wishes to thank Paul Szabo of the University of Sydney for
alerting us to this vulnerability.

His Web page is at: 
http://www.maths.usyd.edu.au:8000/u/psz/


* VMware has posted a knowledge base article that describes this problem:

http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039
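The bug class described under Details/Impact is a privileged launcher that lets the caller's environment decide what runs as root. The following is an added illustration, not VMware's code: a set-uid launcher's helper-selection routine in its vulnerable and hardened forms, plus the environment scrubbing a hardened launcher applies before exec. The variable name VMLAUNCH_HELPER and the paths are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed values; VMware's real variables and paths are not on the page. */
#define TRUSTED_HELPER "/usr/lib/vmlaunch/helper"
#define HELPER_VAR     "VMLAUNCH_HELPER="

/* Find "NAME=" in an envp-style array and return the value, or NULL. */
static const char *env_lookup(char *const envp[], const char *prefix)
{
    size_t n = strlen(prefix);
    for (size_t i = 0; envp && envp[i]; i++)
        if (strncmp(envp[i], prefix, n) == 0)
            return envp[i] + n;
    return NULL;
}

/* Vulnerable pattern: a root-privileged launcher that honours an environment
 * variable when choosing the program to exec. Whoever invokes the launcher
 * controls the environment, so any local user decides what runs as root. */
const char *helper_path_vulnerable(char *const envp[])
{
    const char *p = env_lookup(envp, HELPER_VAR);
    return (p && *p) ? p : TRUSTED_HELPER;
}

/* Hardened pattern: the environment is never consulted; only the compiled-in
 * absolute path is used, whatever the caller has set. */
const char *helper_path_hardened(char *const envp[])
{
    (void)envp;
    return TRUSTED_HELPER;
}

/* A hardened launcher also gives the child a minimal, known environment instead
 * of the caller's. Copies only allow-listed variables from envp into out and
 * appends a fixed PATH; returns the entry count (the NULL terminator excluded).
 * Even allow-listed values should still be validated before use. */
int build_clean_env(char *const envp[], const char *out[], int cap)
{
    static const char *const allow[] = { "TERM=", "LANG=", NULL };
    int n = 0;
    for (int i = 0; envp && envp[i] && n < cap - 2; i++)
        for (int a = 0; allow[a] && n < cap - 2; a++)
            if (strncmp(envp[i], allow[a], strlen(allow[a])) == 0)
                out[n++] = envp[i];
    if (n < cap - 1)
        out[n++] = "PATH=/usr/bin:/bin";
    out[n] = NULL;
    return n;
}
```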


Copyright 2019, SecurityGlobal.net LLC