Vulnerabilities for Vagrant vmware fusion (...) - CXSECURITY.COM

Vulnerabilities for 'Vagrant vmware fusion'

2018-03-29

CVE-2017-16873

CWE-noinfo

It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges.

CVE-2017-16839

CWE-noinfo

Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.

CVE-2017-16512

CWE-362

The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.

2017-10-31

CVE-2017-15884

CWE-362

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.

2017-10-19

CVE-2017-12579

CWE-427

An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.

2017-08-08

CVE-2017-11741

CWE-276

HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.

2017-08-02

CVE-2017-7642

CWE-426

The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.

>>> Vendor: Hashicorp 15 Products

Vagrant vmware fusion

Terraform enterprise

Vault-ssh-helper

Vault provider for secrets store csi driver

Terraform provider

Copyright 2024, cxsecurity.com