lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <6def383d-0990-94b4-0421-d8bdd44cd5ca@securify.nl>
Date: Sat, 29 Apr 2017 13:50:28 +0200
From: "Securify B.V." <lists@...urify.nl>
To: fulldisclosure@...lists.org
Subject: [FD] Multiple local privilege escalation vulnerabilities in
 HideMyAss Pro VPN client v2.x for OS X

------------------------------------------------------------------------
Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN
client v2.x for OS X
------------------------------------------------------------------------
Han Sahin, April 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple local privilege escalation vulnerabilities were found in the
helper binary HMAHelper that ships with HideMyAss Pro VPN for OS X. The
helper is installed setuid root and responsible for loading Kernel
Extensions (kext) and managing VPN firewall rules. These issues can be
leveraged by a local attacker to gain elevated (root) privileges.

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was tested on HMA Pro VPN version 2.2.7.0 for OS X

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
HMA Support has reported that this issue will not be fixed. Version
2.2.7.0. is still available for download and was earlier this year also
available in the Mac App Store. It seems that this version is still
available for older versions of OS X (OS X 10.7 - 10.11).

It should be noted the latest version of HMA Pro VPN for OS X (version
3.3.0.3) is vulnerable to a similar local privilege escalation issue
that is also not fixed at the time of writing.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20170402/multiple_local_privilege_escalation_vulnerabilities_in_hidemyass_pro_vpn_client_v2_x_for_os_x.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ