J-Security Center

Title: VMware Workstation 4.0 Insecure Temporary File Vulnerability

Severity: MODERATE

Description:

VMware is a virtual machine software package maintained and distributed by VMware, Incorporated.

It has been reported that a user can escalate privileges on a system running VMware Workstation 4.0 for Linux.

This issue presents itself if a TEMPDIR environment variable is not set on a Linux system that is running the affected software. If VMware Workstation cannot find a TEMPDIR entry, it will attempt to use the world-writable /tmp directory by default. Under these circumstances, it may be possible for an unprivileged user to create symbolic links that link files stored in the /tmp directory to arbitrary files on the system. Operations that VMware Workstation performs on its temporary files are then applied to the files the links point to.

A local attacker may corrupt arbitrary files in this manner, in the context of the user who is running VMware Workstation.

Affected Products:

  • VMware Workstation 4.0.0
