Description
- -----------

The following products have a vulnerability that can allow a non-root =
user of
the host system to delete files.

VMware Workstation 4.0.1 (for Linux systems) build 5289 and earlier =
releases =20

Details/Impact
- --------------

By manipulating symbolic links, a non-root user can delete files in any
directory.

Customers running any version of VMware Workstation (for Windows =
operating
systems) are not subject to this vulnerability.=20

Resolutions:

VMware plans to release a patch that will resolve this problem
shortly.  VMware will announce details when available.

- - How to get the patched release
- - How to install a patched release
- - A knowledge base article


Notes
- -----

* VMware thanks Paul Szabo of the University of Sydney for alerting us
to this vulnerability.

His Web page is at:=20

http://www.maths.usyd.edu.au:8000/u/psz/

- -----------------
This document is clear signed with PGP. =20

VMware has the PGP public key available at

http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=3D1039

Some mail programs cause changes to mail messages and content, which may =
result
in an indication that the PGP signature for this message is not valid.  =
This
may also occur if this message is forwarded through another email =
distribution
list that changes the "From" field.  Please try to save the message into =
a file
and then running PGP on it.