Team Asylum Security
Copyright (c) 1999 By CyberSpace 2000
http://www.cyberspace2000.com/security

Source: Seth L. [seth@cyberspace2000.com]
Advisory Date: 06/21/99
Release Date: 06/28/99 [ Final Revision: 06/25/99 ]

Affected
--------
VMware v1.0.1 and earlier for Linux.

Product Description
-------------------
VMware v1.0.1 is a software product by VMware, Inc. that creates a virtual machine in which you can install multiple operating systems without repartitioning or formatting your hard drive.

Vulnerability Summary
---------------------
Team Asylum has found multiple buffer overflows in VMware v1.0.1 for Linux. Earlier versions have the same buffer overflows. VMware, Inc. has been notified of these overflows and has released VMware v1.0.2 as a fix. Any local user can exploit these overflows to gain root access.

Fix
---
All users are encouraged to upgrade to VMware v1.0.2. You may download it directly from http://www.vmware.com.

Special Thanks
--------------
Special thanks to the VMware staff for responding quickly to our bug reports. Within 3 days, they managed to fix the overflows, as well as stop the physical distribution of their v1.0.1 product. All customers who have purchased VMware have been notified as of 06/25/99 12:00 midnight (PST) about the new VMware v1.0.2 version.