<?xml version="1.0" encoding="utf-8"?>
<glsa id="200502-18">
<title>VMware Workstation: Untrusted library search path</title>
VMware may load shared libraries from an untrusted, world-writable
directory, resulting in the execution of arbitrary code.
<product type="ebuild">VMware</product>
<announced>February 14, 2005</announced>
<revised>May 25, 2006: 03</revised>
<package name="app-emulation/vmware-workstation" auto="yes" arch="*">
<unaffected range="ge"></unaffected>
<unaffected range="rge"></unaffected>
<vulnerable range="lt"></vulnerable>
VMware Workstation is a powerful virtual machine for developers and
system administrators.
Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered
that VMware Workstation searches for gdk-pixbuf loadable modules in an
untrusted, world-writable directory.
<impact type="normal">
A local attacker could create a malicious shared object that would be
loaded by VMware, resulting in the execution of arbitrary code with the
privileges of the user running VMware.
The system administrator may create the file /tmp/rrdharan to prevent
malicious users from creating a directory at that location:
<code>
# touch /tmp/rrdharan</code>
All VMware Workstation users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-emulation/vmware-workstation-;</code>
<uri link="">CVE-2005-0444</uri>
<metadata tag="requester" timestamp="Sat, 12 Feb 2005 12:53:09 +0000">
<metadata tag="bugReady" timestamp="Sat, 12 Feb 2005 12:53:31 +0000">
<metadata tag="submitter" timestamp="Sun, 13 Feb 2005 19:36:17 +0000">