VMware Patches Workstation Bug

Tuesday, November 19, 2013 @ 05:11 PM gHale

VMware released updates for VMware Workstation and VMware Player that fix a security vulnerability that attackers could use to host privilege escalation on Linux-based devices.

VMware Workstation for Linux 9.x prior to version 9.0.3 and VMware Player for Linux 5.x prior to version 5.0.3 suffer from the issue, according to the advisory published by the company. Fusion, ESX and ESXi do not have the problem.

RELATED STORIES
VMware Patches Security Holes
VMware Fixes DoS Vulnerability
Big Security Patch from Oracle
Cisco Security Advisories

The issue (CVE-2013-5972), which is the result of the way shared libraries end up handled, could allow a local attacker to escalate his privileges to root.

“The vulnerability does not allow for privilege escalation from the Guest Operating System to the host or vice-versa,” VMware said.

Workstation and Player customers should update their installations to versions 9.0.3 and 5.0.3, respectively as soon as possible.



Leave a Reply

You must be logged in to post a comment.