lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 14 Dec 2012 11:11:36 -0600
From: ddivulnalert <ddivulnalert@...frontline.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: DDIVRT-2012-48 VMware View Connection Server
	Directory Traversal (CVE-2012-5978)

Title
-----
DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)

Severity
--------
High

Date Discovered
---------------
September 26, 2012

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: r@...$

Vulnerability Description
-------------------------
The tunnel-server component of the VMware View Connection Server fails
to ensure that  each requested URL refers to a file that is both
located within the web root of the server and is of a type that is
allowed to be served. 

A remote unauthenticated attacker can use this weakness to retrieve
arbitrary files from the affected server's underlying root file
system. This can be accomplished by submitting URL encoded HTTP GET
requests that traverse out of the affected subdirectory.

Solution Description
--------------------
VMware has produced a solution for the issue in the form of an upgrade
which is available through their website. The VMware advisory can be
found: http://www.vmware.com/security/advisories/VMSA-2012-0017.html

Vulnerable Software
-------------------------
VMware View 5.x prior to version 5.1.2
VMware View 4.x prior to version 4.6.2

Vendor Contact
--------------
Vendor Name: VMware, Inc.
Vendor Website: http://www.vmware.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists