David Mirza Ahmad
Symantec
PGP: 0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
--
The battle for the past is for the future.
We must be the winners of the memory war.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Description
- -----------
The following products have a vulnerability that can allow a
user of the host system to start an arbitrary program with
root privileges:
VMware GSX Server 2.5.1 (for Linux systems) build 4968 and
earlier releases VMware Workstation 4.0 (for Linux systems)
and earlier releases
Details/Impact
- --------------
By manipulating the VMware GSX Server and VMware Workstation
environment variables, a program such as a shell session with
root privileges could be started when a virtual machine is
launched. The user would then have full access to the host.
VMware strongly urges customers running GSX Server and
Workstation (for Linux systems) to upgrade as soon
as possible.
Customers running any version of VMware GSX Server or
Workstation (for Windows operating systems) are not subject to
this vulnerability.
Solution
- --------
To correct the vulnerability in VMware Workstation 4.0, VMware
has released the following:
- - Workstation 4.0.1
To correct the vulnerability in GSX Server 2.5.1, VMware will
release the following:
- - GSX Server 2.5.1 patch 1 (for Linux systems)
Details
- -----------
GSX Server 2.5.1 patch 1 (for Linux systems)
VMware GSX Server customers with support services are entitled
to download and install this patched version. VMware strongly
urges customers running GSX Server (for Linux
systems) to upgrade as soon as possible.
VMware GSX Server customers with support services are entitled
to download and install this patched version from
http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=GSX-LX-ESD
This will be available soon.
Upgrade instructions are at:
http://www.vmware.com/support/gsx25/doc/upgrade_gsx.html
- -----------
VMware Workstation 4.0.1
VMware Workstation customers, if covered under the VMware Workstation Product
Upgrade Policy as described at:
http://www.vmware.com/vmwarestore/pricing.html
are entitled to download and install this updated version from
http://www.vmware.com/vmwarestore/newstore/download.jsp?ProductCode=WKST4-LX-ESD
This is available today.
Upgrade instructions are at
http://www.vmware.com/support/ws4/doc/ws40_upgrade.html
Notes
- -----
* VMware wishes to thank Paul Szabo of the University of Sydney for alerting us
to this vulnerability.
His Web page is at:
http://www.maths.usyd.edu.au:8000/u/psz/
* VMware has posted a knowledge base article that describes this problem:
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039
- -----------------
This document is clear signed with PGP.
VMware has the PGP public key available at
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1055
Some mail programs cause changes to mail messages and content,
which may result in an indication that the PGP signature for
this message is not valid. This may also occur if this
message is forwarded through another email distribution list
that changes the "From" field. Please try to save the message
into a file and then running PGP on it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)
iD8DBQE/HwWTLsZLrftG15MRAhXiAJ9vFcGCqKmTG+vzqXrHoiXbuTFNnACgwBwp
K3nnGqL48DDolgn8TFY6zSY=
=Dblu
-----END PGP SIGNATURE-----
