Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

vm-support 0.88 File Overwrite / Information Disclosure

🗓️ 26 Aug 2014 00:00:00Reported by Dolev FarhiType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 40 Views

vm-support 0.88 File Overwrite & Information Disclosure on Red Hat Enterprise Linux

Related
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2014-4199
28 Aug 201415:00
cve
CVE		CVE-2014-4200
28 Aug 201415:00
cve
Cvelist		CVE-2014-4199
28 Aug 201415:00
cvelist
Cvelist		CVE-2014-4200
28 Aug 201415:00
cvelist
Debian CVE		CVE-2014-4199
28 Aug 201415:00
debiancve
Debian CVE		CVE-2014-4200
28 Aug 201415:00
debiancve
EUVD		EUVD-2014-4128
7 Oct 202500:30
euvd
EUVD		EUVD-2014-4129
7 Oct 202500:30
euvd
NVD		CVE-2014-4199
28 Aug 201415:14
nvd
NVD		CVE-2014-4200
28 Aug 201415:14
nvd
Rows per page
`Author: dolevf  
Date: 18.6.2014  
Version: vm-support latest version 0.88  
Tested on: Red Hat Enterprise Linux 6  
Relevant CVEs: 2014-4199, 2014-4200  
  
  
1. About the application  
------------------------  
VMware support is a tool designed to collect diagnostic information such   
as logs, configuration files and directories, from a virtualized guest   
system.  
vm-support is part of the vmware-tools pack.  
  
  
2. Vulnerabilities Descriptions:  
-----------------------------  
CVE-2014-4199: An attacker is able to over-write system files due to   
insecure creation of files in /tmp by running vm-support tool,   
potentially denying service to other users of the system.  
CVE-2014-4200: An attacker is able to extract sensitive files from the   
vm-support archive due to it having 0644 permissions and stored in /tmp   
folder.  
  
  
  
3. Release date  
--------------------  
26.8.2014  
  
  
4. proof of concept  
-----------------------  
  
CVE-2014-4199:  
=============  
runcmd "ifconfig -a" "/tmp/ifconfig.$$.txt"  
runcmd "mount" "/tmp/mount.$$.txt"  
runcmd "dmesg" "/tmp/dmesg.$$.txt"  
runcmd "ulimit -a" "/tmp/ulimit-a.$$.txt"  
  
  
  
CVE-2014-4200:  
=============  
[root@server1 tmp]# ls -ld vm-2014-08-26.25023.tar.gz  
-rw-r--r-- 1 root root 631081 Aug 26 17:19 vm-2014-08-26.25023.tar.gz  
  
  
  
  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Aug 2014 00:00Current
6.6Medium risk
Vulners AI Score6.6
EPSS0.00041
vmware supportdiagnostic toolfile overwriteinformation disclosurered hat enterprise linux 62014-41992014-4200
40