Linux Users Warned of Privilege Escalation Vulnerability in VMware Workstation

The company provides a simple workaround to address the issue

August 23rd, 2013 13:24 GMT

VMware has published an advisory to warn VMware Workstation and VMware Player users of a component vulnerability that could be exploited for privilege escalation on certain Linux machines.

“VMware Workstation and Player contain a vulnerability in the handling of the vmware-mount command. A local malicious user may exploit this vulnerability to escalate their privileges to root on the host OS,” reads an advisory published by the company on Thursday.

VMware Workstation 9.x, VMware Workstation 8.x, VMware Player 5.x, and VMware Player 4.x are impacted, but only if they’re installed on a Debian-based version of Linux.

To address the issue, users are advised to remove the setuid bit from vmware-mount:

    # chmod u-s /usr/bin/vmware-mount

The workaround can be implemented in both Player and Workstation.
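The workaround as a check-then-verify script, for administrators who want to confirm the bit is actually gone. This is an added example, not part of VMware's advisory; the function names, the VMWARE_MOUNT variable and the --apply switch are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit and apply the vmware-mount setuid workaround.
# Default path is the one given in the advisory's workaround; the
# VMWARE_MOUNT override is an assumption of this example.
VMWARE_MOUNT="${VMWARE_MOUNT:-/usr/bin/vmware-mount}"

# Return 0 if the file exists and has the setuid bit set, 1 otherwise.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Remove the setuid bit and confirm the change took effect.
# Returns 0 if the bit is clear afterwards (including "was already clear"),
# 1 if the file does not exist, 2 if the bit could not be removed.
remove_setuid() {
    target="$1"
    if [ ! -f "$target" ]; then
        echo "not installed: $target" >&2
        return 1
    fi
    if ! has_setuid "$target"; then
        echo "already clear: $target"
        return 0
    fi
    if ! chmod u-s "$target"; then
        echo "chmod failed (run as root?): $target" >&2
        return 2
    fi
    # Re-check instead of trusting chmod's exit status alone.
    if has_setuid "$target"; then
        echo "setuid bit still set: $target" >&2
        return 2
    fi
    echo "setuid removed: $target"
    return 0
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    remove_setuid "$VMWARE_MOUNT"
fi
```

Run it as root with --apply; running it a second time reports "already clear" and changes nothing.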

The vulnerability has been identified by Tavis Ormandy from the Google Security Team.
