CVE-2008-0967

Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713
http://www.vmware.com/security/advisories/VMSA-2008-0009.html	Vendor Advisory
http://securitytracker.com/id?1020198
http://secunia.com/advisories/30556	Vendor Advisory
http://securityreason.com/securityalert/3922
http://www.vupen.com/english/advisories/2008/1744	Vendor Advisory
http://www.securityfocus.com/bid/29557
http://security.gentoo.org/glsa/glsa-201209-25.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/42878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768
http://www.securityfocus.com/archive/1/493080/100/0/threaded

Configuration 1

cpe:2.3:a:vmware:esx_server:3.3:*:*:*:*:*:*:* cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:* cpe:2.3:a:vmware:esx_server:3.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:* cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:esx_server:3.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:* cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:* cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:* cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:* cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*

---

Published : 2008-06-05 08:32

Updated : 2018-10-30 04:26

---

NVD link : CVE-2008-0967

Mitre link : CVE-2008-0967

No products.

NVD-CWE-Other