Gentoo Archives: gentoo-announce

From: aliz@gentoo.org (Daniel Ahlberg)
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com
Subject: [gentoo-announce] GLSA: vmware-workstation (200308-03)
Date: Mon, 25 Aug 2003 13:35:56
Message-Id: 20030825134439.033AF9FBDB@noc.internal.fairytale.se
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200308-03
- - - ---------------------------------------------------------------------

          PACKAGE : vmware-workstation
          SUMMARY : local full host access
             DATE : 2003-08-25 13:44 UTC
          EXPLOIT : local
VERSIONS AFFECTED : <vmware-workstation-4.0.1-5289 <vmware-workstation-3.2.1-2242
    FIXED VERSION : >=vmware-workstation-4.0.1-5289 >=vmware-workstation-3.2.1-2242
              CVE : CAN-2003-0480 CAN-2003-0631

- - - ---------------------------------------------------------------------

- From advisory:
"By manipulating the VMware GSX Server and VMware Workstation
environment variables, a program such as a shell session with
root privileges could be started when a virtual machine is
launched. The user would then have full access to the host."


Read the full advisories at:
http://www.securityfocus.com/archive/1/330184


SOLUTION

It is recommended that all Gentoo Linux users who are running
app-emulation/vmware-workstation upgrade to either vmware-workstation-3.2.1-2242
or vmware-workstation-4.0.1-5289 as follows:

emerge sync
emerge vmware-workstation-<VERSION>
emerge clean

- - - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://dev.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/ShLGfT7nyhUpoZMRAuZpAJ9hbaB1L9bpaEZ+dxriK5gkq91WoACfTbak
ypAHrWqhBJVhCa7TpYxXsTk=
=JHk+
-----END PGP SIGNATURE-----
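
Added example (not part of the original advisory and not Gentoo tooling): a POSIX shell check that classifies a vmware-workstation version string against the fixed versions listed in the advisory above. It assumes that versions with major number 3 or lower are measured against 3.2.1-2242 and all others against 4.0.1-5289; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a vmware-workstation version against GLSA 200308-03.
# The two fixed versions are taken from the advisory text. Which fix applies to
# which major version is an assumption of this example (see glsa_status).
FIXED_3X=3.2.1-2242
FIXED_4X=4.0.1-5289

# ver_lt A B: succeed when version A is strictly lower than version B.
# Fields are split on "." and "-" and compared numerically, left to right;
# a field missing from A counts as 0.
ver_lt() {
    a=$(printf '%s' "$1" | sed 's/[.-]/ /g')
    b=$(printf '%s' "$2" | sed 's/[.-]/ /g')
    set -- $a
    for y in $b; do
        x=${1:-0}
        [ $# -gt 0 ] && shift
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1    # equal on every field of B: not lower
}

# glsa_status VERSION: print "affected", "fixed" or "invalid".
# Accepts both 4.0.1-5289 and 4.0.1.5289 style strings.
glsa_status() {
    case $1 in
        ''|[!0-9]*|*[!0-9.-]*) echo invalid; return 0 ;;
    esac
    major=${1%%[.-]*}
    # Assumption: 3.x and older are fixed by the 3.2.1 build, the rest by 4.0.1.
    if [ "$major" -le 3 ]; then fixed=$FIXED_3X; else fixed=$FIXED_4X; fi
    if ver_lt "$1" "$fixed"; then echo affected; else echo fixed; fi
}

# Classify every version string given on the command line.
for v in "$@"; do
    printf '%s: %s\n' "$v" "$(glsa_status "$v")"
done
```

Pass the installed version string as an argument; anything reported as affected should be upgraded with the emerge steps in the SOLUTION section.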