VMware have posted a knowledge base article on 2003-06-27 that describes
the workaround to protect a system against potential priviledge escalation.
It is at:
>Received: (qmail 31575 invoked from network); 27 Jun 2003 17:55:34 -0000
>Received: from outgoing2.securityfocus.com (220.127.116.11)
> by mail.securityfocus.com with SMTP; 27 Jun 2003 17:55:34 -0000
>Received: from lists.securityfocus.com (lists.securityfocus.com
> by outgoing2.securityfocus.com (Postfix) with QMQP
> id C44698F6FE; Fri, 27 Jun 2003 11:31:17 -0600 (MDT)
>Mailing-List: contact firstname.lastname@example.org; run by ezmlm
>Delivered-To: mailing list email@example.com
>Delivered-To: moderator for firstname.lastname@example.org
>Received: (qmail 18375 invoked from network); 26 Jun 2003 22:05:14 -0000
>Date: 26 Jun 2003 22:08:25 -0000
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: VMware <email@example.com>
>Subject: VMware Workstation 4.0: Possible privilege escalation on the host
> via symlink manipulation
>It is possible for a user to gain an esclation in privileges on a system
>running VMware Workstation 4.0 for Linux systems by symlink manipulation
>in a world-writable directory such as /tmp.
>Affected systems: VMware Workstation 4.0 for Linux systems
>Dates: This was reported to VMware on 2003-06-17 and VMware is posting
>to Bugtraq on 2003-06-26.
>1. VMware has identified a workaround and a Knowledge Base article will
>posted by noon Pacific Time on 2003-06-27 at the following url.
>2. VMware plans to release a patch that will resolve this problem
>shortly. VMware will announce details when available.