CVE-2008-0967
First published: Thu Jun 05 2008(Updated: )
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ESX | =3.3 | |
| VMware Player | =1.0.6 | |
| VMware Server | =1.0.1 | |
| VMware Player | =2.0.1 | |
| VMware Player | =2.0.2 | |
| VMware Player | =1.0.2 | |
| VMware VMware Workstation | =5.5.6 | |
| VMware ESX | =3.2 | |
| VMware Workstation | =6.0 | |
| VMware VMware Workstation | =5.5.5 | |
| VMware Workstation | =5.5.3 | |
| VMware Player | =1.0.3 | |
| VMware VMware Workstation | =5.5.0 | |
| VMware Player | =2.0.3 | |
| VMware ESXi | =3.5 | |
| VMware Player | =1.0.1 | |
| VMware Server | =1.0.4 | |
| VMware Player | =1.0.4 | |
| VMware VMware Workstation | =6.0.2 | |
| VMware ESX | =2.5.5 | |
| VMware ESX | =3.1 | |
| VMware Player | =1.0.5 | |
| VMware ESX | =3.5 | |
| VMware Server | =1.0.0 | |
| VMware VMware Workstation | =5.5.2 | |
| VMware Workstation | =5.5.1 | |
| VMware Server | =1.0.3 | |
| VMware Server | =1.0.2 | |
| VMware Server | =1.0.5 | |
| VMware Player | =2.0 | |
| VMware VMware Workstation | =6.0.3 | |
| VMware VMware Workstation | =6.0.1 | |
| VMware Workstation | =5.5.4 | |
| VMware Player | =1.0.0 | |
| VMware ESX | =3.0.0 | |
| VMware ESX | =3.0.2 | |
| VMware ESX | =3.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713
- http://www.vmware.com/security/advisories/VMSA-2008-0009.html
- http://securitytracker.com/id?1020198
- http://secunia.com/advisories/30556
- http://securityreason.com/securityalert/3922
- http://www.vupen.com/english/advisories/2008/1744
- http://www.securityfocus.com/bid/29557
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42878
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768
- http://www.securityfocus.com/archive/1/493080/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-0967?
The severity of CVE-2008-0967 is rated as medium due to the potential for local privilege escalation.
How do I fix CVE-2008-0967?
To fix CVE-2008-0967, update your VMware products to versions that have incorporated the patch for this vulnerability.
Which VMware versions are affected by CVE-2008-0967?
CVE-2008-0967 affects VMware Workstation 5.x, Player 1.x, Server 1.x, and certain ESX versions before their respective patched releases.
What is the impact of CVE-2008-0967?
The impact of CVE-2008-0967 allows an attacker to exploit the untrusted search path to execute arbitrary code with elevated privileges.
Is there a workaround for CVE-2008-0967?
A temporary workaround for CVE-2008-0967 includes adjusting system path variables to limit the search path that VMware applications utilize.
- agent/references
- agent/type
- agent/severity
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/vmware
- canonical/vmware esx
- version/vmware esx/3.3
- canonical/vmware player
- version/vmware player/1.0.6
- canonical/vmware server
- version/vmware server/1.0.1
- version/vmware player/2.0.1
- version/vmware player/2.0.2
- version/vmware player/1.0.2
- canonical/vmware vmware workstation
- version/vmware vmware workstation/5.5.6
- version/vmware esx/3.2
- canonical/vmware workstation
- version/vmware workstation/6.0
- version/vmware vmware workstation/5.5.5
- version/vmware workstation/5.5.3
- version/vmware player/1.0.3
- version/vmware vmware workstation/5.5.0
- version/vmware player/2.0.3
- canonical/vmware esxi
- version/vmware esxi/3.5
- version/vmware player/1.0.1
- version/vmware server/1.0.4
- version/vmware player/1.0.4
- version/vmware vmware workstation/6.0.2
- version/vmware esx/2.5.5
- version/vmware esx/3.1
- version/vmware player/1.0.5
- version/vmware esx/3.5
- version/vmware server/1.0.0
- version/vmware vmware workstation/5.5.2
- version/vmware workstation/5.5.1
- version/vmware server/1.0.3
- version/vmware server/1.0.2
- version/vmware server/1.0.5
- version/vmware player/2.0
- version/vmware vmware workstation/6.0.3
- version/vmware vmware workstation/6.0.1
- version/vmware workstation/5.5.4
- version/vmware player/1.0.0
- version/vmware esx/3.0.0
- version/vmware esx/3.0.2
- version/vmware esx/3.0.1