ID CVE-2008-0967
Summary Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:esx_server:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:esx_server:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:esx_server:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:esx_server:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:esx_server:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:esx_server:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2010-08-16T04:10:47.643-04:00
    class vulnerability
    contributors
    • name Michael Wood
      organization Hewlett-Packard
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    • comment VMWare ESX Server 3.0.2 is installed
      oval oval:org.mitre.oval:def:5613
    • comment VMWare ESX Server 3.0.1 is installed
      oval oval:org.mitre.oval:def:5367
    description Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
    family unix
    id oval:org.mitre.oval:def:4768
    status accepted
    submitted 2008-06-10T15:10:44.000-05:00
    title VMware Unsafe Library Path in vmware-authd Lets Local Users Gain Elevated Privileges
    version 7
  • accepted 2010-05-17T04:00:04.180-04:00
    class vulnerability
    contributors
    • name Michael Wood
      organization Hewlett-Packard
    • name J. Daniel Brown
      organization DTCC
    definition_extensions
    • comment VMWare ESX Server 3.0.2 is installed
      oval oval:org.mitre.oval:def:5613
    • comment VMWare ESX Server 3.0.1 is installed
      oval oval:org.mitre.oval:def:5367
    description Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
    family unix
    id oval:org.mitre.oval:def:5583
    status accepted
    submitted 2008-06-10T15:10:44.000-05:00
    title VMware Unsafe Library Path in vmware-authd Lets Local Users Gain Elevated Privileges
    version 5
refmap via4
bid 29557
bugtraq 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
confirm http://www.vmware.com/security/advisories/VMSA-2008-0009.html
gentoo GLSA-201209-25
idefense 20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability
sectrack 1020198
secunia 30556
sreason 3922
vupen ADV-2008-1744
xf vmware-vmwareauthd-privilege-escalation(42878)
Last major update 30-10-2018 - 16:26
Published 05-06-2008 - 20:32
Back to Top