CVE-2008-0967
First published: Thu Jun 05 2008(Updated: )
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ESX Server | =3.3 | |
| VMware Player | =1.0.6 | |
| Vmware Vmware Server | =1.0.1 | |
| VMware Player | =2.0.1 | |
| VMware Player | =2.0.2 | |
| VMware Player | =1.0.2 | |
| VMware VMware Workstation | =5.5.6 | |
| VMware ESX Server | =3.2 | |
| VMware Workstation | =6.0 | |
| VMware VMware Workstation | =5.5.5 | |
| VMware Workstation | =5.5.3 | |
| VMware Player | =1.0.3 | |
| VMware VMware Workstation | =5.5.0 | |
| VMware Player | =2.0.3 | |
| VMware ESXi | =3.5 | |
| VMware Player | =1.0.1 | |
| Vmware Vmware Server | =1.0.4 | |
| VMware Player | =1.0.4 | |
| VMware VMware Workstation | =6.0.2 | |
| VMware ESX Server | =2.5.5 | |
| VMware ESX Server | =3.1 | |
| VMware Player | =1.0.5 | |
| VMware ESX Server | =3.5 | |
| Vmware Vmware Server | =1.0.0 | |
| VMware VMware Workstation | =5.5.2 | |
| VMware Workstation | =5.5.1 | |
| VMware Server | =1.0.3 | |
| Vmware Vmware Server | =1.0.2 | |
| Vmware Vmware Server | =1.0.5 | |
| VMware Player | =2.0 | |
| VMware VMware Workstation | =6.0.3 | |
| VMware VMware Workstation | =6.0.1 | |
| VMware Workstation | =5.5.4 | |
| VMware Player | =1.0.0 | |
| VMware ESX | =3.0.0 | |
| VMware ESX | =3.0.2 | |
| VMware ESX | =3.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713
- http://www.vmware.com/security/advisories/VMSA-2008-0009.html
- http://securitytracker.com/id?1020198
- http://secunia.com/advisories/30556
- http://securityreason.com/securityalert/3922
- http://www.vupen.com/english/advisories/2008/1744
- http://www.securityfocus.com/bid/29557
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42878
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768
- http://www.securityfocus.com/archive/1/493080/100/0/threaded
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/event
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware esx server
- version/vmware esx server/3.3
- canonical/vmware player
- version/vmware player/1.0.6
- canonical/vmware vmware server
- version/vmware vmware server/1.0.1
- version/vmware player/2.0.1
- version/vmware player/2.0.2
- version/vmware player/1.0.2
- canonical/vmware vmware workstation
- version/vmware vmware workstation/5.5.6
- version/vmware esx server/3.2
- canonical/vmware workstation
- version/vmware workstation/6.0
- version/vmware vmware workstation/5.5.5
- version/vmware workstation/5.5.3
- version/vmware player/1.0.3
- version/vmware vmware workstation/5.5.0
- version/vmware player/2.0.3
- canonical/vmware esxi
- version/vmware esxi/3.5
- version/vmware player/1.0.1
- version/vmware vmware server/1.0.4
- version/vmware player/1.0.4
- version/vmware vmware workstation/6.0.2
- version/vmware esx server/2.5.5
- version/vmware esx server/3.1
- version/vmware player/1.0.5
- version/vmware esx server/3.5
- version/vmware vmware server/1.0.0
- version/vmware vmware workstation/5.5.2
- version/vmware workstation/5.5.1
- canonical/vmware server
- version/vmware server/1.0.3
- version/vmware vmware server/1.0.2
- version/vmware vmware server/1.0.5
- version/vmware player/2.0
- version/vmware vmware workstation/6.0.3
- version/vmware vmware workstation/6.0.1
- version/vmware workstation/5.5.4
- version/vmware player/1.0.0
- canonical/vmware esx
- version/vmware esx/3.0.0
- version/vmware esx/3.0.2
- version/vmware esx/3.0.1