Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200502-18] VMware Workstation: Untrusted library search path


Vulnerability Assessment Details

[GLSA-200502-18] VMware Workstation: Untrusted library search path

Vulnerability Assessment Summary
VMware Workstation: Untrusted library search path

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200502-18
(VMware Workstation: Untrusted library search path)


Tavis Ormandy of the Gentoo Linux Security Audit Team has
discovered that VMware Workstation searches for gdk-pixbuf loadable
modules in an untrusted, world-writable directory.

Impact

A local attacker could create a malicious shared object that would
be loaded by VMware, resulting in the execution of arbitrary code with
the rights of the user running VMware.

Workaround

The system administrator may create the file /tmp/rrdharan to
prevent malicious users from creating a directory at that location:
# touch /tmp/rrdharan


Solution:
All VMware Workstation users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/vmware-workstation-4.5.2.8848-r5"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi

Cables, Connectors

Juniper Netscreen SSG-20 T1 card JXM-1T1-S
$49.95
Juniper Netscreen SSG-20 T1 card JXM-1T1-S pictureBrand New in Original Box Juniper Networks EX-QSFP-40GE-DAC-50CM Cable
$9.99
Brand New in Original Box Juniper Networks EX-QSFP-40GE-DAC-50CM Cable pictureJuniper SSG-20-SH Secure Services Gateway w/t T1 card
$59.95
Juniper SSG-20-SH Secure Services Gateway w/t T1 card pictureEX-UM-2XFP - Juniper EX-UM-2XFP 711-02127 2PT 10GB XFP Uplink Module
$325.0
EX-UM-2XFP - Juniper EX-UM-2XFP 711-02127 2PT 10GB XFP Uplink Module picture


Discussions

No Discussions have been posted on this vulnerability.