CVE-2008-0967

Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713
http://www.vmware.com/security/advisories/VMSA-2008-0009.html	Vendor Advisory
http://securitytracker.com/id?1020198
http://secunia.com/advisories/30556	Vendor Advisory
http://securityreason.com/securityalert/3922
http://www.vupen.com/english/advisories/2008/1744	Vendor Advisory
http://www.securityfocus.com/bid/29557
http://security.gentoo.org/glsa/glsa-201209-25.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/42878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768
http://www.securityfocus.com/archive/1/493080/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:esx_server:2.5.5:::::::*
	cpe:2.3:a:vmware:esx_server:3.5:::::::*
	cpe:2.3:a:vmware:esxi:3.5:::::::*
	cpe:2.3:a:vmware:player:2.0:::::::*
	cpe:2.3:a:vmware:player:2.0.1:::::::*
	cpe:2.3:a:vmware:vmware_server:1.0.4:::::::*
	cpe:2.3:a:vmware:vmware_server:1.0.5:::::::*
	cpe:2.3:a:vmware:vmware_workstation:6.0.3:::::::*
	cpe:2.3:a:vmware:workstation:5.5.1:::::::*
	cpe:2.3:o:vmware:esx:3.0.0:::::::*
	cpe:2.3:o:vmware:esx:3.0.1:::::::*
	cpe:2.3:a:vmware:esx_server:3.3:::::::*
	cpe:2.3:a:vmware:player:1.0.6:::::::*
	cpe:2.3:a:vmware:vmware_server:1.0.1:::::::*
	cpe:2.3:a:vmware:player:2.0.2:::::::*
	cpe:2.3:a:vmware:player:1.0.2:::::::*
	cpe:2.3:a:vmware:esx_server:3.2:::::::*
	cpe:2.3:a:vmware:workstation:5.5.3:::::::*
	cpe:2.3:a:vmware:player:1.0.3:::::::*
	cpe:2.3:a:vmware:vmware_workstation:5.5.0:::::::*
	cpe:2.3:a:vmware:player:2.0.3:::::::*
	cpe:2.3:a:vmware:player:1.0.1:::::::*
	cpe:2.3:a:vmware:player:1.0.4:::::::*
	cpe:2.3:a:vmware:vmware_workstation:6.0.2:::::::*
	cpe:2.3:a:vmware:esx_server:3.1:::::::*
	cpe:2.3:a:vmware:player:1.0.5:::::::*
	cpe:2.3:a:vmware:vmware_workstation:5.5.2:::::::*
	cpe:2.3:a:vmware:server:1.0.3:::::::*
	cpe:2.3:a:vmware:vmware_server:1.0.2:::::::*
	cpe:2.3:a:vmware:vmware_workstation:6.0.1:::::::*
	cpe:2.3:a:vmware:workstation:5.5.4:::::::*
	cpe:2.3:a:vmware:player:1.0.0:::::::*
	cpe:2.3:o:vmware:esx:3.0.2:::::::*
	cpe:2.3:a:vmware:vmware_workstation:5.5.6:::::::*
	cpe:2.3:a:vmware:workstation:6.0:::::::*
	cpe:2.3:a:vmware:vmware_workstation:5.5.5:::::::*
	cpe:2.3:a:vmware:vmware_server:1.0.0:::::::*

Information

Published : 2008-06-05 13:32

Updated : 2018-10-30 09:26

NVD link : CVE-2008-0967

Mitre link : CVE-2008-0967

JSON object : View

CWE

NVD-CWE-Other

Products Affected

vmware

esx_server
workstation
player
vmware_workstation
vmware_server
esx
esxi
server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713", "name": "20080604 VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability", "tags": [], "refsource": "IDEFENSE"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://securitytracker.com/id?1020198", "name": "1020198", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/30556", "name": "30556", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/3922", "name": "3922", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2008/1744", "name": "ADV-2008-1744", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/bid/29557", "name": "29557", "tags": [], "refsource": "BID"}, {"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml", "name": "GLSA-201209-25", "tags": [], "refsource": "GENTOO"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42878", "name": "vmware-vmwareauthd-privilege-escalation(42878)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5583", "name": "oval:org.mitre.oval:def:5583", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4768", "name": "oval:org.mitre.oval:def:4768", "tags": [], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded", "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-0967", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-06-05T20:32Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:esx_server:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:esx_server:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:esx_server:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:26Z"}

6.9 /10