Oval Definition:oval:org.mitre.oval:def:4768
Revision Date:2010-08-16Version:5
Title:VMware Unsafe Library Path in vmware-authd Lets Local Users Gain Elevated Privileges
Description:Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-0967
Platform(s):VMWare ESX Server 2
VMWare ESX Server 3
Product(s):
Definition Synopsis
  • VMWare ESX Server 3.0.2 meets CVE-2008-0967
  • VMWare ESX Server 3.0.2 is installed
  • AND All patches must be installed to not be vulnerable
  • Patch ESX-1004727 is not installed
  • OR Patch ESX-1004821 is not installed
  • OR Patch ESX-1004216 is not installed
  • OR Patch ESX-1004726 is not installed
  • OR Patch ESX-1004722 is not installed
  • OR Patch ESX-1004724 is not installed
  • OR Patch ESX-1004719 is not installed
  • OR Patch ESX-1004219 is not installed
  • OR VMWare ESX Server 3.0.1 meets CVE-2008-0967
  • VMWare ESX Server 3.0.1 is installed
  • AND All patches must be installed to not be vulnerable
  • Patch ESX-1004186 is not installed
  • OR Patch ESX-1004728 is not installed
  • OR Patch ESX-1004725 is not installed
  • OR Patch ESX-1004721 is not installed
  • OR Patch ESX-1004723 is not installed
  • OR Patch ESX-1004190 is not installed
  • OR Patch ESX-1004189 is not installed
  • OR VMWare ESX Server 2.5.5 meets CVE-2008-0967
  • VMWare ESX Server 2.5.5 build 57619 or higher is installed
  • AND VMWare ESX Server 2.5.5 upgrade patch 8 is not installed
  • OR VMWare ESX Server 2.5.4 meets CVE-2008-0967
  • VMWare ESX Server 2.5.4 build 32233 or higher is installed
  • AND VMWare ESX Server 2.5.4 upgrade patch 19 is not installed
    • BACK