VMware issues patch for privilege escalation bug

Virtualization player VMware has issued patches to address a privilege escalation bug in several of its products on the Linux platform.

VMware has issued a patch for a Workstation Hypervisor vulnerability that makes it susceptible to a privilege escalation issue (CVE-2011-1126). It affects machines using Linux as the Hypervisor host environment.

This security bug affects the vmrun utility that performs various tasks on a virtual machine (vmrun is installed by VMware Workstation as default). vmrun runs on any platform with installed VIX libraries. On Linux installations, a user with the ability to place files into the predefined library path could gain escalated privileges, and gain execution control of vmrun.

Vmware VIX for Linux 1.10.2 and earlier versions, VMware Workstation 7.1.3 on Linux and earlier versions, as well as VMware Workstation 6.5.5 on Linux and earlier versions are known to be affected by this issue. Windows versions of the product are unaffected by the vulnerability.

Although VMware has issued patches to rectify this issue, the VMware VIX API remains unpatched so far. Futher details regarding the vulnerability can be found in this VMware security advisory.

Read more on Data breach incident management and recovery