vm-support 0.88 File Overwrite / Information Disclosure

2014.08.27
Credit: dolevf
Risk: Low
Local: Yes
Remote: No
CWE: N/A

Author: dolevf
Date: 18.6.2014
Version: vm-support latest version 0.88
Tested on: Red Hat Enterprise Linux 6
Relevant CVEs: 2014-4199, 2014-4200

1. About the application
------------------------
VMware support is a tool designed to collect diagnostic information, such as logs, configuration files and directories, from a virtualized guest system. vm-support is part of the vmware-tools pack.

2. Vulnerability descriptions
-----------------------------
CVE-2014-4199: An attacker is able to overwrite system files due to insecure creation of files in /tmp by the vm-support tool, potentially denying service to other users of the system.

CVE-2014-4200: An attacker is able to extract sensitive files from the vm-support archive because it has 0644 permissions and is stored in the /tmp folder.

3. Release date
---------------
26.8.2014

4. Proof of concept
-------------------
CVE-2014-4199:
=============
runcmd "ifconfig -a" "/tmp/ifconfig.$$.txt"
runcmd "mount" "/tmp/mount.$$.txt"
runcmd "dmesg" "/tmp/dmesg.$$.txt"
runcmd "ulimit -a" "/tmp/ulimit-a.$$.txt"

CVE-2014-4200:
=============
[root@server1 tmp]# ls -ld vm-2014-08-26.25023.tar.gz
-rw-r--r-- 1 root root 631081 Aug 26 17:19 vm-2014-08-26.25023.tar.gz
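
Added example (not part of the original advisory and not vm-support's own code): a hardened way to write the same four command outputs and the archive, so that neither the predictable /tmp/<name>.$$.txt paths nor the 0644 archive occur. The function names collect_bundle and run_to_file and the output file names are hypothetical.

```shell
#!/bin/sh
# Added example, not vm-support code: collect_bundle and run_to_file are
# hypothetical names; the four commands are the ones shown in the PoC.

# Write one command's output to a file that must not exist yet.
run_to_file() {
    # set -C (noclobber): the redirection fails if the name already exists,
    # including as a dangling symlink, so nothing is written through it.
    ( set -C; : > "$2" ) || return 1
    # The file is now ours; a missing or failing tool must not abort the run.
    sh -c "$1" >> "$2" 2>&1 || true
}

# Collect the outputs and print the path of the resulting archive.
collect_bundle() {
    cb_old_umask=$(umask)
    umask 077    # new files 0600, new directories 0700
    # Unpredictable, owner-only directory instead of /tmp/<name>.$$.txt
    cb_work=$(mktemp -d "${TMPDIR:-/tmp}/vm-support.XXXXXXXXXX") || {
        umask "$cb_old_umask"
        return 1
    }
    mkdir "$cb_work/data"
    run_to_file "ifconfig -a" "$cb_work/data/ifconfig.txt"
    run_to_file "mount"       "$cb_work/data/mount.txt"
    run_to_file "dmesg"       "$cb_work/data/dmesg.txt"
    run_to_file "ulimit -a"   "$cb_work/data/ulimit-a.txt"
    # The archive is created under umask 077 inside the 0700 directory,
    # so other local users can neither read it nor list its location.
    tar -czf "$cb_work/vm-support.tar.gz" -C "$cb_work" data
    rm -rf "$cb_work/data"
    umask "$cb_old_umask"
    printf '%s\n' "$cb_work/vm-support.tar.gz"
}
```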

