Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0967

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2008-0967
Last Modified 14 May 2013 10:38:23
Published 05 Jun 2008 04:32:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0967

Summary

Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.

Vulnerable Systems

Application

  • Vmware Esx Server 2.5.5

  • Vmware Esx Server 3.0.0

  • Vmware Esx Server 3.0.1

  • Vmware Esx Server 3.0.2

  • Vmware Esx Server 3.1

  • Vmware Esx Server 3.2

  • Vmware Esx Server 3.3

  • Vmware Esx Server 3.5

  • Vmware Esxi 3.5

  • Vmware Player 1.0.0

  • Vmware Player 1.0.1

  • Vmware Player 1.0.2

  • Vmware Player 1.0.3

  • Vmware Player 1.0.4

  • Vmware Player 1.0.5

  • Vmware Player 1.0.6

  • Vmware Player 2.0

  • Vmware Player 2.0.1

  • Vmware Player 2.0.2

  • Vmware Player 2.0.3

  • Vmware Server 1.0.0

  • Vmware Server 1.0.1

  • Vmware Server 1.0.2

  • Vmware Server 1.0.3

  • Vmware Server 1.0.4

  • Vmware Server 1.0.5

  • Vmware Workstation 5.5.0

  • Vmware Workstation 5.5.1

  • Vmware Workstation 5.5.2

  • Vmware Workstation 5.5.3

  • Vmware Workstation 5.5.4

  • Vmware Workstation 5.5.5

  • Vmware Workstation 5.5.6

  • Vmware Workstation 6.0

  • Vmware Workstation 6.0.1

  • Vmware Workstation 6.0.2

  • Vmware Workstation 6.0.3


References

XF - vmware-vmwareauthd-privilege-escalation(42878)

VUPEN - ADV-2008-1744

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0009.html

BUGTRAQ - 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

SECTRACK - 1020198

SREASON - 3922

SECUNIA - 30556

IDEFENSE - 20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability

BID - 29557

GENTOO - GLSA-201209-25

Related Patches

VMware VMSA 2008-0009.2 VMware Fusion 2.0.1 Update for Mac (Rev 2)


Last Updated: 27 May 2016 11:01:52