The host is installed with VMWare product(s) that are vulnerable to local privilege escalation vulnerability.

Successful exploitation could result in arbitrary code execution on linux based host system by an unprivileged user and can also crash the application. Local access is required in order to execute the set-uid vmware-authd and Also, vix.inGuest.enable configuration must be set. Impact Level : System

Upgrade VMware Product(s) to below version, VMware Player 1.0.7 build 91707 or 2.0.4 build 93057 or later www.vmware.com/download/player/ VMware Server 1.0.6 build 91891 or later www.vmware.com/download/server/ VMware Workstation 5.5.7 build 91707 or 6.0.4 build 93057 or later www.vmware.com/download/ws/

Issue is due to local exploitation of an untrusted library path in vmware-authd. VMware VIX API (Application Program Interface) fails to adequately bounds check user supplied input before copying it to insufficient size buffer.

VMware Player 1.x - before 1.0.7 build 91707 on Linux VMware Player 2.x - before 2.0.4 build 93057 on Linux VMware Server 1.x - before 1.0.6 build 91891 on Linux VMware Workstation 5.x - before 5.5.7 build 91707 on Linux VMware Workstation 6.x - before 6.0.4 build 93057 on Linux

• http://secunia.com/advisories/30556
• http://www.vmware.com/security/advisories/VMSA-2008-0009.html

---

Updated on 2015-03-25