Re: vmware bug?

From: Jose Tavares (jat@terra.com.br)
Date: 07/31/01


Message-Id: <4.3.2.7.2.20010731022743.02277750@200.248.135.1>
Date: Tue, 31 Jul 2001 02:42:06 -0300
To: bugtraq@securityfocus.com
From: Jose Tavares <jat@terra.com.br>
Subject: Re: vmware bug?

At 15:57 30/07/01 -0400, you wrote:
>oi oi.. i recently installed vmware (the latest release of the workstation
>thing) and it crashed once or twice. But never mind that. in /tmp i found
>a file called vmware-log.starman. starman being my user on the box. Inside
>in this file is my license information and it's chmod is 777. That's kinda
>nasty don't ya think? has anyone seen similar things?
>lates
>sj

not confirmed!
when the same version of vmware is run here (2.0.4 build-1142) it puts a
vmware-log.user in the /tmp but it's chmod is 644 ...

the licensekey is in this file but the hash isn't!

but... stealing another users license is easy...

the license2.0 file in the home directory is 644 too and ~/.vmware dir is
755 ...

--
              Jose Antonio Alves Tavares Filho "_]{ILLER_"
--
    A Computer Science Student at UCPel  Pelotas/RS  Brazil
    ICQ#  6093525
         98821689
         98400508
--
    "The BeOS takes the best features from the major
    operating systems. It's got the power and flexibility
    of Unix, the interface and ease of use of the MacOS,
    and Minesweeper from Windows." --Tyler Riti
===================================================================