VMware Security Advisory

Posted: 30/3/11 by komz in Etiquetas: , , ,

The VMware vmrun utility is susceptible to a local privilege escalation in
non-standard configurations.

2. Relevant releases

VMware VIX API for Linux 1.10.2 and earlier

VMware Workstation 7.1.3 on Linux and earlier
VMware Workstation 6.5.5 on Linux and earlier

3. Problem Description

a. VMware Linux based vmrun utility local privilege escalation

VMware vmrun is a utility that is used to perform various tasks on virtual machines. The vmrun utility runs on any platform with VIX libraries installed. It is installed in VMware Workstation by default.

In non-standard filesystem configurations, an attacker with the ability to place files into a predefined library path, could take execution control of vmrun.

The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2011-1126 to this issue.

4.REFERENCE: VMware Security Advisory

The Vulnerability Team adviced to users and administrators to review and apply the updates notifications
necessary to help mitigate the risks.

source: vmware.com

0 comentarios: