Team Asylum Security
Copyright (c) 1999 By CyberSpace 2000
https://www.cyberspace2000.com/security
Source: Seth L. [seth@cyberspace2000.com]
Advisory Date: 06/21/99
Release Date: 06/28/99

[ Final Revision: 06/25/99 ]

Affected
--------
VMware v1.0.1 and earlier for Linux.

Product Description
-------------------
VMware v1.0.1 is a software product by VMware, Inc. that creates a 
virtual machine in which you can install multiple operating systems
without repartitioning or formatting your hard drive.

Vulnerability Summary
---------------------
Team Asylum has found multiple buffer overflows existing in VMware v1.0.1 
for Linux.  Earlier versions also have the same buffer overflows.  
VMware Inc. has been notified of these overflows and they have released 
VMware v1.0.2 as a fix.  Any local user can exploit these overflows to gain 
root access.

Fix
---
All users are encouraged to upgrade to VMware v1.0.2.  You may download
it directly off https://www.vmware.com.  

Special Thanks
--------------
Special thanks to VMware staff for responding quickly to our bug reports.  
Within 3 days, they have managed to fix the overflows, as well as stop the 
physical distribution of their v1.0.1 product.  All customers who have
purchased VMware have been notified as of 06/25/99 12:00 midnight (PST) 
about the new VMware v1.0.2 version.