drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ungeprüfte Verwendung von Umgebungsvariablen in vmware-workstation
Name: |
Ungeprüfte Verwendung von Umgebungsvariablen in vmware-workstation
|
|
ID: |
200308-03 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Di, 26. August 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
VMWare |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200308-03 --------------------------------------------------------------------
PACKAGE : vmware-workstation SUMMARY : local full host access DATE : 2003-08-25 13:44 UTC EXPLOIT : local VERSIONS AFFECTED : <vmware-workstation-4.0.1-5289 <vmware-workstation-3.2.1-2242 FIXED VERSION : >=vmware-workstation-4.0.1-5289 >=vmware-workstation-3.2.1-2242 CVE : CAN-2003-0480 CAN-2003-0631
--------------------------------------------------------------------
- From advisory: "By manipulating the VMware GSX Server and VMware Workstation environment variables, a program such as a shell session with root privileges could be started when a virtual machine is launched. The user would then have full access to the host."
Read the full advisories at: http://www.securityfocus.com/archive/1/330184
SOLUTION
It is recommended that all Gentoo Linux users who are running app-emulation/vmware-workstation upgrade to either vmware-workstation-3.2.1-2242 or vmware-workstation-4.0.1-5289 follows:
emerge sync emerge vmware-workstation-<VERSION> emerge clean
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/ShLGfT7nyhUpoZMRAuZpAJ9hbaB1L9bpaEZ+dxriK5gkq91WoACfTbak ypAHrWqhBJVhCa7TpYxXsTk= =JHk+ -----END PGP SIGNATURE-----
|
|
|
|