Vulnerability Description
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | ESX Server | 2.5.5 |
| VMware | ESXi | 3.5 |
| VMware | Player | 1.0.0 |
| VMware | Server | 1.0.3 |
| VMware | VMware Server | 1.0.0 |
| VMware | VMware Workstation | 5.5.0 |
| VMware | Workstation | 5.5.1 |
| VMware | ESX | 3.0.0 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=713
- http://secunia.com/advisories/30556 (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- http://securityreason.com/securityalert/3922
- http://securitytracker.com/id?1020198
- http://www.securityfocus.com/archive/1/493080/100/0/threaded
- http://www.securityfocus.com/bid/29557
- http://www.vmware.com/security/advisories/VMSA-2008-0009.html (Vendor Advisory)
- http://www.vupen.com/english/advisories/2008/1744 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42878
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2008-0967?
CVE-2008-0967 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4...
How severe is CVE-2008-0967?
CVE-2008-0967 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0967?
Check the references section above for vendor advisories and patch information. Affected products include: VMware ESX Server, VMware ESXi, VMware Player, VMware Server, VMware VMware Server.