VMware issues patch for privilege escalation bug

Virtualization player VMware has issued patches to address a privilege escalation bug in several of its products on the Linux platform.

VMware has issued a patch for a Workstation Hypervisor vulnerability that makes it susceptible to a privilege escalation issue (CVE-2011-1126). It affects machines using Linux as the Hypervisor host environment.

This security bug affects the vmrun utility that performs various tasks on a virtual machine (vmrun is installed by VMware Workstation as default). vmrun runs on any platform with installed VIX libraries. On Linux installations, a user with the ability to place files into the predefined library path could gain escalated privileges, and gain execution control of vmrun.

Vmware VIX for Linux 1.10.2 and earlier versions, VMware Workstation 7.1.3 on Linux and earlier versions, as well as VMware Workstation 6.5.5 on Linux and earlier versions are known to be affected by this issue. Windows versions of the product are unaffected by the vulnerability.

Although VMware has issued patches to rectify this issue, the VMware VIX API remains unpatched so far. Futher details regarding the vulnerability can be found in this VMware security advisory.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Data breach incident management and recovery



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: