VMware
 

Knowledge Base

Search the Knowledge Base:
Products:
Search In:
 

Security Response to BugTraq 332286: Non-root User Can Delete Files in Any Directory

Details

An advisory for a VMware Workstation vulnerability has been posted to the BugTraq mailing list (http://www.securityfocus.com/archive/1/332286).

What is the extent of the vulnerability? What protective actions should I take? What is VMware's response?

Solution

There is a vulnerability in VMware Workstation 4.0.1 (for Linux systems) build 5289 and earlier releases that can allow a non-root user of the host system to delete files in any directory.

VMware strongly urges customers running VMware Workstation (for Linux systems) to upgrade as soon as possible.

Customers running any version of VMware Workstation (for Windows operating systems) are not subject to this vulnerability.

Solution

To correct the vulnerability in VMware Workstation 4.0.1, VMware has released the following:

  • VMware Workstation 4.0.2

Details

VMware Workstation customers, if covered under the VMware Workstation Product Upgrade Policy as described at http://www.vmware.com/vmwarestore/pricing.html are entitled to download and install this updated version from
http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=WKST4-LX-ESD

This is available today.

Upgrade instructions are at http://www.vmware.com/support/ws4/doc/releasenotes_ws4.html

Keywords

URLZ; 1106; alertz

Feedback

Rating: 1 - Lowest 2 3 4 5 - Highest (0 Ratings)   

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (2000 or fewer characters)
Submit
Rating: 1 - Lowest 2 3 4 5 - Highest (0 Ratings)   
Actions
  • KB Article: 1106
  • Updated: Aug 14, 2009
  • Products:
    VMware Workstation
  • Product Versions:
    VMware Workstation 4.x (Linux)