108200 2003-07-24 00:21 /9 rader/ Dave Ahmad <da@securityfocus.com> Importerad: 2003-07-24 00:21 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <5708> Ärende: VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems) vulnerability ------------------------------------------------------------ David Mirza Ahmad Symantec PGP: 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- The battle for the past is for the future. We must be the winners of the memory war. (108200) /Dave Ahmad <da@securityfocus.com>/-------- Bilaga (text/plain) i text 108201 108201 2003-07-24 00:21 /119 rader/ Dave Ahmad <da@securityfocus.com> Bilagans filnamn: "GSX_WS_PR29113_Bugtraq_vulnerability_posting.asc" Importerad: 2003-07-24 00:21 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <5709> Bilaga (text/plain) till text 108200 Ärende: Bilaga (GSX_WS_PR29113_Bugtraq_vulnerability_posting.asc) till: VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems) vulnerability ------------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Description - ----------- The following products have a vulnerability that can allow a user of the host system to start an arbitrary program with root privileges: VMware GSX Server 2.5.1 (for Linux systems) build 4968 and earlier releases VMware Workstation 4.0 (for Linux systems) and earlier releases Details/Impact - -------------- By manipulating the VMware GSX Server and VMware Workstation environment variables, a program such as a shell session with root privileges could be started when a virtual machine is launched. The user would then have full access to the host. VMware strongly urges customers running GSX Server and Workstation (for Linux systems) to upgrade as soon as possible. Customers running any version of VMware GSX Server or Workstation (for Windows operating systems) are not subject to this vulnerability. Solution - -------- To correct the vulnerability in VMware Workstation 4.0, VMware has released the following: - - Workstation 4.0.1 To correct the vulnerability in GSX Server 2.5.1, VMware will release the following: - - GSX Server 2.5.1 patch 1 (for Linux systems) Details - ----------- GSX Server 2.5.1 patch 1 (for Linux systems) VMware GSX Server customers with support services are entitled to download and install this patched version. VMware strongly urges customers running GSX Server (for Linux systems) to upgrade as soon as possible. VMware GSX Server customers with support services are entitled to download and install this patched version from http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=GSX-LX-ESD This will be available soon. Upgrade instructions are at: http://www.vmware.com/support/gsx25/doc/upgrade_gsx.html - ----------- VMware Workstation 4.0.1 VMware Workstation customers, if covered under the VMware Workstation Product Upgrade Policy as described at: http://www.vmware.com/vmwarestore/pricing.html are entitled to download and install this updated version from http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=WKST4-LX-ESD This is available today. Upgrade instructions are at http://www.vmware.com/support/ws4/doc/ws40_upgrade.html Notes - ----- * VMware wishes to thank Paul Szabo of the University of Sydney for alerting us to this vulnerability. His Web page is at: http://www.maths.usyd.edu.au:8000/u/psz/ * VMware has posted a knowledge base article that describes this problem: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039 - ----------------- This document is clear signed with PGP. VMware has the PGP public key available at http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1055 Some mail programs cause changes to mail messages and content, which may result in an indication that the PGP signature for this message is not valid. This may also occur if this message is forwarded through another email distribution list that changes the "From" field. Please try to save the message into a file and then running PGP on it. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) iD8DBQE/HwWTLsZLrftG15MRAhXiAJ9vFcGCqKmTG+vzqXrHoiXbuTFNnACgwBwp K3nnGqL48DDolgn8TFY6zSY= =Dblu -----END PGP SIGNATURE----- (108201) /Dave Ahmad <da@securityfocus.com>/(Ombruten) 108355 2003-07-26 18:46 /18 rader/ VMware <vmware-security-alert@vmware.com> Importerad: 2003-07-26 18:46 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <5756> Ärende: Re: VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems) vulnerability ------------------------------------------------------------ In-Reply-To: <Pine.LNX.4.55.0307231606160.25752@mail.securityfocus.com> VMware GSX Server 2.5.1 patch 1 (for Linux operating systems) build 5336 is now available for downloading by VMware customers with support services. This release corrects the vulnerability reported in http://www.securityfocus.com/archive/1/330184. VMware GSX Server customers with support services are entitled to download and install this patched version from http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=GSX-LX- ESD Upgrade instructions are at: http://www.vmware.com/support/gsx25/doc/upgrade_gsx.html (108355) /VMware <vmware-security-alert@vmware.com>/(Ombruten)