VMware Fusion USB Arbitrator Setuid Privilege Escalation

This exploits an improper use of setuid binaries within VMware Fusion 10.1.3 - 11.5.3. The Open VMware USB Arbitrator Service can be launched outide of its standard path which allows loading of an attacker controlled binary. By creating a payload in the user home directory in a specific folder, a...

EulerOS 2.0 SP5 : bash (EulerOS-SA-2020-1303)

According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in disableprivmode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to...

CVE-2020-3950

VMware Fusion 11.x before 11.5.2, VMware Remote Console for Mac 11.x and prior before 11.0.1 and Horizon Client for Mac 5.x and prior before 5.4.0 contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with...

CVE-2020-3950

VMware Fusion 11.x before 11.5.2, VMware Remote Console for Mac 11.x and prior before 11.0.1 and Horizon Client for Mac 5.x and prior before 5.4.0 contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with...

Privilege escalation

VMware Fusion 11.x before 11.5.2, VMware Remote Console for Mac 11.x and prior before 11.0.1 and Horizon Client for Mac 5.x and prior before 5.4.0 contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with...

CVE-2020-3950

VMware Fusion 11.x before 11.5.2, VMware Remote Console for Mac 11.x and prior before 11.0.1 and Horizon Client for Mac 5.x and prior before 5.4.0 contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with...

CVE-2020-3950

Mode C: CVE-2020-3950 affects VMware Fusion (11.x up to 11.5.1/11.5.2), VMware Remote Console for Mac (11.x up to 11.0.1), and Horizon Client for Mac (5.x up to 5.4.0). Root cause: improper use of setuid binaries enabling local privilege escalation from a normal user to root on systems running th...

CVE-2020-3950

VMware Fusion 11.x before 11.5.2, VMware Remote Console for Mac 11.x and prior before 11.0.1 and Horizon Client for Mac 5.x and prior before 5.4.0 contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with...

VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates address privilege escalation and denial-of-service vulnerabilities (CVE-2020-3950, CVE-2020-3951)

3a. Privilege escalation vulnerability via setuid binaries CVE-2020-3950 VMware Fusion, VMRC for Mac and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries. VMware has evaluated the severity of this issue to be in the Important severity rang...

CVE-2020-3950

VMware Fusion 11.x before 11.5.2, VMware Remote Console for Mac 11.x and prior before 11.0.1 and Horizon Client for Mac 5.x and prior before 5.4.0 contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with...

VMSA-2020-0005:VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates address privilege escalation and denial-of-service vulnerabilities

Advisory ID: VMSA-2020-0005.2 CVSSv3 Range: 3.2-7.3 Issue Date:2020-03-17 Updated On: 2020-03-24 CVEs: CVE-2020-3950, CVE-2020-3951 Synopsis: VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates address privilege escalation and denial-of-service vulnerabilities...

ALPINE-CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...

DEBIAN-CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...

CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...

CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...

Fedora 30 : glibc (2020-c32e4b271c)

This update incorporates fixes from the upstream glibc 2.29 stable release branch, including a fix for a minor security vulnerability LDPREFERMAP32BITEXEC not ignored in setuid binaries. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora upda...

UBUNTU-CVE-2020-5212

In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1371)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libguestfs-winsupport (EulerOS-SA-2019-2253)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Solaris xlock Information Disclosure

@Mediaservice.net Security Advisory 2020-01 last updated on 2020-01-15 Title: Low impact information disclosure via Solaris xlock Application: Setuid root xlock binary distributed with Solaris Platforms: Oracle Solaris 11.x confirmed on 11.4 X86 Oracle Solaris 10 confirmed on 10 1/13 X86...