|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713
|
| |
Vulnerable Systems:
* VMware Workstation version 6.0.2.59824 for Linux
* VMware GSX Server version 3.2.1.14497 for Linux
* VMware ESX Server version 3.0.1.32039
The Linux version of VMware products include a program called 'vmware-authd', which is installed set-uid root. When this program is executed, it reads configuration options from the executing user's VMware configuration file. One such option allows the user to specify the directory in which to look for shared library modules needed by theprogram. By loading a specially crafted library, an attacker can execute arbitrary code with elevated privileges.
Analysis:
Exploitation of this vulnerability results in the execution of arbitrary code with root privileges. In order to exploit this vulnerability, an attacker must have access to execute the set-uid vmware-authd binary on an affected system. No additional credentials are needed.
Workaround:
To prevent exploitation of this vulnerability, modify the file permissions for the vmware-authd set-uid binary. Possible choices include removing the set-uid bit, or only allowing members of a trusted group to execute the binary.
Vendor response:
VMware has addressed this vulnerability by release new versions of their products. For more information, consult their advisory at the following URL. http://www.vmware.com/security/advisories/VMSA-2008-0009.html
CVE Information:
CVE-2008-0967
Disclosure Timeline:
01/30/2008 - Initial vendor notification
01/30/2008 - Initial vendor response
06/04/2008 - Coordinated public disclosure
|
|
|
|
|
