In association with heise online

30 March 2011, 14:59

VMware warns of vulnerability in its products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

VMware Logo Virtualisation specialist VMware is warning of a security vulnerability (CVE-2011-1126) in several of its products that run on Linux. According to the company, the vmrun utility, which is used to perform various tasks on virtual machines including automated guest operations and is installed by default, is susceptible to a privilege escalation issue. This is caused when the utility incorrectly loads libraries from certain directories. This could, for example, be exploited by a malicious local user to gain escalated privileges and make unauthorised changes.

VMware Workstation version 7.1.3 and 6.5.5 (and earlier) on Linux, as well as VMware VIX API for Linux 1.10.2 and earlier, are all said to be affected. Windows versions of the products are unaffected. To correct the issue, the company has issued a patch for its VMware Workstation, however, VMware VIX API remains unpatched. Further details of the affected versions can be found in the security advisory.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1218376
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit