
VMware symlink problems

by phiber on April 19th, 2001

There is a symlink vulnerability in the script which comes with the latest VMware.



While mounting virtual disk drives using the script, a temporary file named where PID is the current pid of the command will be created in an insecure manner. This allows an attacker to overwrite any local file, if root mounts a VMware virtual partition (mounting is usually done as root).


[email protected]:/tmp > id

uid=500(paul) gid=100(users) Gruppen=100(users),90(firewall)

[email protected]:/tmp > ./

VMware local /etc/passwd DoS

By Ihq.

linking /etc/passwd to /tmp

[+] please wait for root to run

after running

[email protected]:/tmp > id

uid=500 gid=100(users) Gruppen=100(users),90(firewall)

Obviously the passwd file has been overwritten:

[email protected]:/tmp > cat /etc/passwd

Nr Start Size Type Id Sytem

-- ---------- ---------- ---- -- ------------------------

1 63 2096577 BIOS C Win95 FAT32 (LBA)


Local file corruption.


Credit goes to Paul Starzetz. He posted this vulnerability on a bt mailing list.
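
The insecure temporary-file pattern described above, next to a hardened form, as an added example (not code from VMware's script or from the original advisory). The file name scratch.PID, the victim file and the sandbox directory are assumptions made for illustration; the page does not give the real temporary file name.

```python
import os
import tempfile

def naive_create(path, data):
    """Insecure pattern: open() follows a symlink planted at a predictable name."""
    with open(path, "w") as f:
        f.write(data)

def safe_create(path, data):
    """O_CREAT|O_EXCL fails if anything, including a symlink, already has this
    name; O_NOFOLLOW is defence in depth. The file is created with mode 0600."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def demo():
    """Run both patterns inside a private sandbox directory and report results."""
    result = {}
    with tempfile.TemporaryDirectory() as sandbox:
        # Constructed stand-in for a file the privileged user can write.
        victim = os.path.join(sandbox, "victim.txt")
        with open(victim, "w") as f:
            f.write("original contents\n")
        # Hypothetical predictable name built from the PID (assumption).
        predictable = os.path.join(sandbox, "scratch.%d" % os.getpid())
        os.symlink(victim, predictable)  # link already present before creation
        try:
            safe_create(predictable, "partition table\n")
            result["safe_blocked"] = False
        except FileExistsError:
            result["safe_blocked"] = True
        with open(victim) as f:
            result["victim_after_safe"] = f.read()
        naive_create(predictable, "partition table\n")
        with open(victim) as f:
            result["victim_after_naive"] = f.read()
        # Preferred fix: an unpredictable name created atomically with O_EXCL.
        fd, unique = tempfile.mkstemp(dir=sandbox, prefix="scratch.")
        os.close(fd)
        result["mkstemp_is_link"] = os.path.islink(unique)
        result["mkstemp_mode"] = oct(os.stat(unique).st_mode & 0o777)
    return result

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", repr(value))
```

The hardened call refuses the pre-existing name and leaves the victim file intact, while the naive call writes through the link, which is the overwrite shown in the session above.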
