[Vmware-package-maintainers] Bug#486110: vmware-package: CVE-2008-0967 Untrusted search path vulnerability in vmware-authd in VMware ...

Thomas Bläsing thomasbl at pool.math.tu-berlin.de
Fri Jun 13 12:53:20 UTC 2008

Package: vmware-package
Version: 0.22
Severity: important
Tags: security

the following CVE (Common Vulnerabilities & Exposures) id was
published for vmware-package.

| Untrusted search path vulnerability in vmware-authd in VMware
| Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build
| 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4
| build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and
| VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users
| to gain privileges via an unspecified option in a configuration file.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967

As mentioned in bug #484491, I think you just need to update the hashes
for the tarballs to fix this bug :)

Kind regards,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/vmware-package-maintainers/attachments/20080613/2af5a124/attachment.pgp 

More information about the Vmware-package-maintainers mailing list