Unrated severityNVD Advisory· Published Jun 5, 2008· Updated Apr 23, 2026

CVE-2008-0967

Description

Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.

Affected products

VMware/Esxi
cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*
VMware/Esx Server5 versions
cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx_server:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx_server:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx_server:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*
VMware/Player11 versions
cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*
VMware/Server6 versions
cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*
VMware/Workstation11 versions
cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*
VMware/Esx3 versions
cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000