lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 26 Aug 2014 14:37:21 +0000
From: "Dolev Farhi" <>
Subject: [FD] VMware vm-support multiple vulnerabilities

Author: dolevf
Date: 18.6.2014
Version: vm-support latest version 0.88
Tested on: Red Hat Enterprise Linux 6
Relevant CVEs: 2014-4199, 2014-4200

1. About the application
VMware support is a tool designed to collect diagnostic information such 
as logs, configuration files and directories, from a virtualized guest 
vm-support is part of the vmware-tools pack.

2. Vulnerabilities Descriptions:
CVE-2014-4199: An attacker is able to over-write system files  due to 
insecure creation of files in /tmp by running vm-support tool, 
potentially denying service to other users of the system.
CVE-2014-4200:  An attacker is able to extract sensitive files from the 
vm-support archive due to it having 0644 permissions and stored in /tmp 

3. Release date

4. proof of concept

  runcmd "ifconfig -a" "/tmp/ifconfig.$$.txt"
  runcmd "mount" "/tmp/mount.$$.txt"
  runcmd "dmesg" "/tmp/dmesg.$$.txt"
  runcmd "ulimit -a" "/tmp/ulimit-a.$$.txt"

[root@...ver1 tmp]# ls -ld vm-2014-08-26.25023.tar.gz
-rw-r--r-- 1 root root 631081 Aug 26 17:19 vm-2014-08-26.25023.tar.gz

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists