Security Alert

VMware issues patch for privilege escalation bug

SearchSecurity.in Staff

VMware has issued a patch for a Workstation Hypervisor vulnerability that makes it susceptible to a privilege escalation issue (CVE-2011-1126). It affects machines using Linux as the Hypervisor host environment.

This security bug affects the vmrun utility that performs various tasks on a virtual machine (vmrun is installed by VMware Workstation as default). vmrun runs on any platform with installed VIX libraries. On Linux installations, a user with the ability to place files into the predefined library path could gain escalated privileges, and gain execution control of vmrun.

Vmware VIX for Linux 1.10.2 and earlier versions, VMware Workstation 7.1.3 on Linux and earlier versions, as well as VMware Workstation 6.5.5 on Linux and earlier versions are known to be affected by this issue. Windows versions of the product are unaffected by the vulnerability.

Although VMware has issued patches to rectify this issue, the VMware VIX API remains unpatched so far. Futher details regarding the vulnerability can be found in this VMware

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

security advisory.