lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Dec 2012 11:11:36 -0600 From: ddivulnalert <ddivulnalert@...frontline.com> To: <full-disclosure@...ts.grok.org.uk> Subject: DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) Title ----- DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) Severity -------- High Date Discovered --------------- September 26, 2012 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@...$ Vulnerability Description ------------------------- The tunnel-server component of the VMware View Connection Server fails to ensure that each requested URL refers to a file that is both located within the web root of the server and is of a type that is allowed to be served. A remote unauthenticated attacker can use this weakness to retrieve arbitrary files from the affected server's underlying root file system. This can be accomplished by submitting URL encoded HTTP GET requests that traverse out of the affected subdirectory. Solution Description -------------------- VMware has produced a solution for the issue in the form of an upgrade which is available through their website. The VMware advisory can be found: http://www.vmware.com/security/advisories/VMSA-2012-0017.html Vulnerable Software ------------------------- VMware View 5.x prior to version 5.1.2 VMware View 4.x prior to version 4.6.2 Vendor Contact -------------- Vendor Name: VMware, Inc. Vendor Website: http://www.vmware.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists