GLSA-200502-18 : VMware Workstation: Untrusted library search path

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200502-18
(VMware Workstation: Untrusted library search path)

Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered
that VMware Workstation searches for gdk-pixbuf loadable modules in an
untrusted, world-writable directory.

Impact :

A local attacker could create a malicious shared object that would be
loaded by VMware, resulting in the execution of arbitrary code with the
privileges of the user running VMware.

Workaround :

The system administrator may create the file /tmp/rrdharan to prevent
malicious users from creating a directory at that location:
# touch /tmp/rrdharan

See also :

Solution :

All VMware Workstation users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/vmware-workstation-'

Risk factor :

Medium / CVSS Base Score : 4.6

Family: Gentoo Local Security Checks

Nessus Plugin ID: 16459 (gentoo_GLSA-200502-18.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0444

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now