Vulnerability CVE-2008-0967
Published: 2008-06-05   Modified: 2012-02-12

Description:
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.

See advisories in our WLB2 database:
Topic
Author
Date
High
Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi
VMware Security ...
07.06.2008

Type:

CWE-Other

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Vmware -> Esx server 
Vmware -> ESXI 
Vmware -> Player 
Vmware -> Server 
Vmware -> Vmware server 
Vmware -> Vmware workstation 
Vmware -> Workstation 
Vmware -> ESX 

 References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securityreason.com/securityalert/3922
http://securitytracker.com/id?1020198
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/bid/29557
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.vupen.com/english/advisories/2008/1744
https://exchange.xforce.ibmcloud.com/vulnerabilities/42878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583
Copyright 2024, cxsecurity.com

 

Back to Top