CVE-2008-0967

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 5.x through 5.5.7 build 91707 VMware Workstation versions 6.x through 6.0.4 build 93057 VMware Player versions 1.x through 1.0.7 build 91707 VMware Player versions 2.x through 2.0.4 build 93057 VMware Server versions prior to 1.0.6 build 91891 VMware ESXi version 3.5 VMware ESX versions 2.5.4 through 3.5

Description The issue allows local users to gain privileges via a library path option in a configuration file due to an untrusted search path vulnerability in vmware-authd.

Recommendations For VMware Workstation versions 5.x through 5.5.7 build 91707, update to build 91707 or later. For VMware Workstation versions 6.x through 6.0.4 build 93057, update to build 93057 or later. For VMware Player versions 1.x through 1.0.7 build 91707, update to build 91707 or later. For VMware Player versions 2.x through 2.0.4 build 93057, update to build 93057 or later. For VMware Server versions prior to 1.0.6 build 91891, update to build 91891 or later. For VMware ESXi version 3.5 and VMware ESX versions 2.5.4 through 3.5, update to a version outside the affected range.