The host is installed with VMWare product(s) that are vulnerable to local privilege escalation vulnerability.
Successful exploitation could result in arbitrary code execution on linux based host system by an unprivileged user and can also crash the application. Local access is required in order to execute the set-uid vmware-authd and Also, vix.inGuest.enable configuration must be set. Impact Level : System
Upgrade VMware Product(s) to below version, VMware Player 1.0.7 build 91707 or 2.0.4 build 93057 or later www.vmware.com/download/player/ VMware Server 1.0.6 build 91891 or later www.vmware.com/download/server/ VMware Workstation 5.5.7 build 91707 or 6.0.4 build 93057 or later www.vmware.com/download/ws/
Issue is due to local exploitation of an untrusted library path in vmware-authd. VMware VIX API (Application Program Interface) fails to adequately bounds check user supplied input before copying it to insufficient size buffer.
VMware Player 1.x - before 1.0.7 build 91707 on Linux VMware Player 2.x - before 2.0.4 build 93057 on Linux VMware Server 1.x - before 1.0.6 build 91891 on Linux VMware Workstation 5.x - before 5.5.7 build 91707 on Linux VMware Workstation 6.x - before 6.0.4 build 93057 on Linux
- Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows)
- Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Linux)
- Nortel Default Username and Password
- Panda Products Privilege Escalation Vulnerability
- VMAX Web Viewer Default Credentials Authentication Bypass Vulnerability