109079 2003-08-08 00:13 /60 rader/ VMware Security Alert <vmware-security-alert@vmware.com> Bilagans filnamn: "post.asc" Importerad: 2003-08-08 00:13 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <5928> Ärende: VMware Workstation 4.0.1 (for Linux systems) vulnerability ------------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Description - ----------- The following products have a vulnerability that can allow a non-root user of the host system to delete files. VMware Workstation 4.0.1 (for Linux systems) build 5289 and earlier releases Details/Impact - -------------- By manipulating symbolic links, a non-root user can delete files in any directory. Customers running any version of VMware Workstation (for Windows operating systems) are not subject to this vulnerability. Resolutions: VMware plans to release a patch that will resolve this problem shortly. VMware will announce details when available. - - How to get the patched release - - How to install a patched release - - A knowledge base article Notes - ----- * VMware thanks Paul Szabo of the University of Sydney for alerting us to this vulnerability. His Web page is at: http://www.maths.usyd.edu.au:8000/u/psz/ - ----------------- This document is clear signed with PGP. VMware has the PGP public key available at http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039 Some mail programs cause changes to mail messages and content, which may result in an indication that the PGP signature for this message is not valid. This may also occur if this message is forwarded through another email distribution list that changes the "From" field. Please try to save the message into a file and then running PGP on it. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) iD8DBQE/Mro7LsZLrftG15MRAj67AJwKRZXbqfoqNF2NWB30GaL5EcCkVACgqlTl 6qlf+X8N0Y5LYYLUINAlWOg= =e4HB -----END PGP SIGNATURE----- (109079) /VMware Security Alert <vmware-security-alert@vmware.com>/(Ombruten)