6818285 2001-07-30 15:57 -0400 /13 rader/ starman jones <sj@balrog.neuropunks.org>
Sänt av: joel@lysator.liu.se
Importerad: 2001-07-30 22:47 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <18514>
Ärende: vmware bug?
------------------------------------------------------------
From: starman jones <sj@balrog.neuropunks.org>
To: bugtraq@securityfocus.com
Message-ID: <Pine.BSF.4.21.0107301555200.20659-100000@localhost>
oi oi.. i recently installed vmware (the latest release of the
workstation thing) and it crashed once or twice. But never mind
that. in /tmp i found a file called vmware-log.starman. starman being
my user on the box. Inside in this file is my license information and
it's chmod is 777. That's kinda nasty don't ya think? has anyone seen
similar things? lates sj
(6818285) /starman jones <sj@balrog.neuropunks.org>/(Ombruten)
Kommentar i text 6818627 av Peter W <peterw@usa.net>
Kommentar i text 6818648 av KF <dotslash@snosoft.com>
Kommentar i text 6823168 av Jose Tavares <jat@terra.com.br>
6818627 2001-07-30 17:14 -0400 /23 rader/ Peter W <peterw@usa.net>
Sänt av: joel@lysator.liu.se
Importerad: 2001-07-31 00:01 av Brevbäraren
Extern mottagare: starman jones <sj@balrog.neuropunks.org>
Extern kopiemottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <18519>
Kommentar till text 6818285 av starman jones <sj@balrog.neuropunks.org>
Ärende: Re: vmware bug?
------------------------------------------------------------
From: Peter W <peterw@usa.net>
To: starman jones <sj@balrog.neuropunks.org>
Cc: bugtraq@securityfocus.com
Message-ID: <20010730171412.I31193@usa.net>
On Mon, Jul 30, 2001 at 03:57:48PM -0400, starman jones wrote:
> oi oi.. i recently installed vmware (the latest release of the workstation
> thing) and it crashed once or twice. But never mind that. in /tmp i found
> a file called vmware-log.starman. starman being my user on the box. Inside
> in this file is my license information and it's chmod is 777. That's kinda
> nasty don't ya think? has anyone seen similar things?
More than once we've discussed VMWare's need to have a safe TMPDIR
environment variable. Please set TMPDIR and post if there's still a
problem.
BTW, both Bastille (http://www.bastille-linux.org/) and my personal Web
space (http://www.tux.org/~peterw/) offer TMPDIR scripts designed to mkae
safe directories and set the TMPDIR/TMP envirnment variables at login time.
-Peter
(6818627) /Peter W <peterw@usa.net>/------(Ombruten)
6818648 2001-07-30 04:57 -0400 /23 rader/ KF <dotslash@snosoft.com>
Sänt av: joel@lysator.liu.se
Importerad: 2001-07-31 00:09 av Brevbäraren
Extern mottagare: starman jones <sj@balrog.neuropunks.org>
Extern kopiemottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <18520>
Kommentar till text 6818285 av starman jones <sj@balrog.neuropunks.org>
Ärende: Re: vmware bug?
------------------------------------------------------------
From: KF <dotslash@snosoft.com>
To: starman jones <sj@balrog.neuropunks.org>
Cc: bugtraq@securityfocus.com
Message-ID: <3B65216A.F705EE1E@snosoft.com>
Theres all kinds of stuff that goes in /tmp when vmware runs... like
nvram settings for example. I have tried a few symlink style attacks
but vmware seems to check before writing in most cases. I can However
see your license info being something "sensitive" that you wouldn't
want to share.
-KF
starman jones wrote:
>
> oi oi.. i recently installed vmware (the latest release of the workstation
> thing) and it crashed once or twice. But never mind that. in /tmp i found
> a file called vmware-log.starman. starman being my user on the box. Inside
> in this file is my license information and it's chmod is 777. That's kinda
> nasty don't ya think? has anyone seen similar things?
> lates
> sj
(6818648) /KF <dotslash@snosoft.com>/-----(Ombruten)
6823168 2001-07-31 02:42 -0300 /40 rader/ Jose Tavares <jat@terra.com.br>
Sänt av: joel@lysator.liu.se
Importerad: 2001-07-31 17:45 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <18530>
Kommentar till text 6818285 av starman jones <sj@balrog.neuropunks.org>
Ärende: Re: vmware bug?
------------------------------------------------------------
From: Jose Tavares <jat@terra.com.br>
To: bugtraq@securityfocus.com
Message-ID: <4.3.2.7.2.20010731022743.02277750@200.248.135.1>
At 15:57 30/07/01 -0400, you wrote:
>oi oi.. i recently installed vmware (the latest release of the workstation
>thing) and it crashed once or twice. But never mind that. in /tmp i found
>a file called vmware-log.starman. starman being my user on the box. Inside
>in this file is my license information and it's chmod is 777. That's kinda
>nasty don't ya think? has anyone seen similar things?
>lates
>sj
not confirmed! when the same version of vmware is run here (2.0.4
build-1142) it puts a vmware-log.user in the /tmp but it's chmod is
644 ...
the licensekey is in this file but the hash isn't!
but... stealing another users license is easy...
the license2.0 file in the home directory is 644 too and ~/.vmware
dir is 755 ...
--
Jose Antonio Alves Tavares Filho "_]{ILLER_"
--
A Computer Science Student at UCPel Pelotas/RS Brazil
ICQ# 6093525
98821689
98400508
--
"The BeOS takes the best features from the major
operating systems. It's got the power and flexibility
of Unix, the interface and ease of use of the MacOS,
and Minesweeper from Windows." --Tyler Riti
===================================================================
(6823168) /Jose Tavares <jat@terra.com.br>/(Ombruten)
Kommentar i text 6824369 av Justin Nelson <security@jm4n.com>
6824369 2001-07-31 11:53 -0400 /22 rader/ Justin Nelson <security@jm4n.com>
Sänt av: joel@lysator.liu.se
Importerad: 2001-07-31 22:18 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Externa svar till: devnull@jm4n.com
Mottagare: Bugtraq (import) <18542>
Kommentar till text 6823168 av Jose Tavares <jat@terra.com.br>
Ärende: Re: vmware bug?
------------------------------------------------------------
From: "Justin Nelson" <security@jm4n.com>
To: <bugtraq@securityfocus.com>
Message-ID: <003901c119d8$f7e5afe0$0600a8c0@justin.net>
>> but... stealing another users license is easy...
>> the license2.0 file in the home directory is 644 too...
I'm pretty sure the license file is something you copy into your home
directory yourself -- so just like any other file you put on your
machine, precautions should be taken to make sure only those
authorized should be able to view the file.
The only thing I'd possibly recommend to the vendor would be to note
this in the instructions sent with the license file...
Sincerely,
Justin Nelson, SFE Software
http://www.vdj.net
Justin@VDJ.Net
(6824369) /Justin Nelson <security@jm4n.com>/(Ombruten)