iDefense Security Advisory 06.04.08 - Local exploitation of an untrusted library path vulnerability in multiple products distributed by VMware Inc. could allow an attacker to execute arbitrary code with root privileges. The Linux version of VMware products include a program called 'vmware-authd', which is installed set-uid root. When this program is executed, it reads configuration options from the executing user's VMware configuration file. One such option allows the user to specify the directory in which to look for shared library modules needed by the program. By loading a specially crafted library, an attacker can execute arbitrary code with elevated privileges. iDefense confirmed the existence of this vulnerability in the following VMware products: VMware Workstation 6.0.2.59824 for Linux, VMware GSX Server 3.2.1.14497 for Linux, and VMware ESX Server 3.0.1.32039.
a82b3045bcbc7a5650e09e9a047819ec79df3ee1ffa50125706f3b923c1b76eb