Linux Today: Linux News On Internet Time.

More on LinuxToday

VMware Security Alert

Jun 28, 1999, 12:24 (1 Talkback[s])

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

"On June 22nd, 1999, VMware, Inc. was notified of a security problem with VMware for Linux 1.0.1. This security hole is also present in all previous versions of VMware for Linux. The security hole has been fixed in VMware for Linux 1.0.2 released today. The security hole allows a buffer overrun attack against VMware for Linux to result in unprivileged root access to a machine. An updated version of VMware for Linux which fixes this problem is available now, see below. As far as we know, this breach has never been used for malicious purposes, or caused any harm to customer installations. VMware, Inc. apologizes for the inconvenience to our users."

"The security hole allows an attack to occur during VMware startup, but before a virtual machine is powered on. Guest operating systems themselves are unlikely to be affected by these buffer overflow attacks. Systems most vulnerable to this attack are multi-user Linux systems that have VMware installed. A malicious user with access to an account on the system could exploit the hole. Stand alone single-user machines are not at high risk from this security hole. This hole does not allow direct network based 'worm' style attacks against VMware."

"The security hole can be closed by simply upgrading to VMware for Linux version 1.0.2"

More Information