VMware issues patch for privilege escalation bug

Security Alert

VMware issues patch for privilege escalation bug

SearchSecurity.in Staff

VMware has issued a patch for a Workstation Hypervisor vulnerability that makes it susceptible to a privilege escalation issue (CVE-2011-1126). It affects machines using Linux as the Hypervisor host environment.

This security bug affects the vmrun utility that performs various tasks on a virtual machine (vmrun is installed by VMware Workstation as default). vmrun runs on any platform with installed VIX libraries. On Linux installations, a user with the ability to place files into the predefined library path could gain escalated privileges, and gain execution control of vmrun.

Vmware VIX for Linux 1.10.2 and earlier versions, VMware Workstation 7.1.3 on Linux and earlier versions, as well as VMware Workstation 6.5.5 on Linux and earlier versions are known to be affected by this issue. Windows versions of the product are unaffected by the vulnerability.

Although VMware has issued patches to rectify this issue, the VMware VIX API remains unpatched so far. Futher details regarding the vulnerability can be found in this VMware

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

security advisory.