72 lines
2.4 KiB
XML
72 lines
2.4 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
|
|
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
|
|
<glsa id="200502-18">
|
|
<title>VMware Workstation: Untrusted library search path</title>
|
|
<synopsis>
|
|
VMware may load shared libraries from an untrusted, world-writable
|
|
directory, resulting in the execution of arbitrary code.
|
|
</synopsis>
|
|
<product type="ebuild">VMware</product>
|
|
<announced>February 14, 2005</announced>
|
|
<revised>May 25, 2006: 03</revised>
|
|
<bug>81344</bug>
|
|
<access>local</access>
|
|
<affected>
|
|
<package name="app-emulation/vmware-workstation" auto="yes" arch="*">
|
|
<unaffected range="ge">4.5.2.8848-r5</unaffected>
|
|
<unaffected range="rge">3.2.1.2242-r4</unaffected>
|
|
<vulnerable range="lt">4.5.2.8848-r5</vulnerable>
|
|
</package>
|
|
</affected>
|
|
<background>
|
|
<p>
|
|
VMware Workstation is a powerful virtual machine for developers and
|
|
system administrators.
|
|
</p>
|
|
</background>
|
|
<description>
|
|
<p>
|
|
Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered
|
|
that VMware Workstation searches for gdk-pixbuf loadable modules in an
|
|
untrusted, world-writable directory.
|
|
</p>
|
|
</description>
|
|
<impact type="normal">
|
|
<p>
|
|
A local attacker could create a malicious shared object that would be
|
|
loaded by VMware, resulting in the execution of arbitrary code with the
|
|
privileges of the user running VMware.
|
|
</p>
|
|
</impact>
|
|
<workaround>
|
|
<p>
|
|
The system administrator may create the file /tmp/rrdharan to prevent
|
|
malicious users from creating a directory at that location:
|
|
</p>
|
|
<code>
|
|
# touch /tmp/rrdharan</code>
|
|
</workaround>
|
|
<resolution>
|
|
<p>
|
|
All VMware Workstation users should upgrade to the latest version:
|
|
</p>
|
|
<code>
|
|
# emerge --sync
|
|
# emerge --ask --oneshot --verbose ">=app-emulation/vmware-workstation-3.2.1.2242-r4"</code>
|
|
</resolution>
|
|
<references>
|
|
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0444">CVE-2005-0444</uri>
|
|
</references>
|
|
<metadata tag="requester" timestamp="Sat, 12 Feb 2005 12:53:09 +0000">
|
|
koon
|
|
</metadata>
|
|
<metadata tag="bugReady" timestamp="Sat, 12 Feb 2005 12:53:31 +0000">
|
|
koon
|
|
</metadata>
|
|
<metadata tag="submitter" timestamp="Sun, 13 Feb 2005 19:36:17 +0000">
|
|
taviso
|
|
</metadata>
|
|
</glsa>
|