Rapid7 Vulnerability & Exploit Database

VMware Player: Privilege escalation on ESX or Linux based hosted operating systems (VMSA-2008-0009) (CVE-2008-0967)

Back to Search

VMware Player: Privilege escalation on ESX or Linux based hosted operating systems (VMSA-2008-0009) (CVE-2008-0967)

Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
06/05/2008
Created
07/25/2018
Added
11/30/2013
Modified
02/13/2015

Description

Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.

Solution(s)

  • vmware-player-upgrade-1_0_7
  • vmware-player-upgrade-2_0_4

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;