42 matches found
EUVD-2017-7303
Malware in sbrugna...
EUVD-2017-8047
Malware in sbrugna...
Hashicorp vagrant-vmware-fusion elevation of privilege vulnerability
Hashicorp vagrant-vmware-fusion is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. A security vulnerability exists in Hashicorp vagrant-vmware-fusion versions 4.0.25 through 5.0.4. An attacker can exploit the vulnerability to...
Hashicorp vagrant-vmware-fusion local elevation of privilege vulnerability
Hashicorp vagrant-vmware-fusion is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. vagrant update is one of the update processes. A security vulnerability exists in the vagrant update process in Hashicorp vagrant-vmware-fusion...
Hashicorp vagrant-vmware-fusion local elevation of privilege vulnerability (CNVD-2018-09642)
Hashicorp vagrant-vmware-fusion is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. A security vulnerability exists in Hashicorp vagrant-vmware-fusion version 5.0.4. A local attacker could exploit the vulnerability to gain root...
CVE-2017-16512
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available...
CVE-2017-16839
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed...
CVE-2017-16839
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed...
CVE-2017-16873
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges...
CVE-2017-16873
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges...
CVE-2017-16839
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed...
CVE-2017-16512
The CVE-2017-16512 entry describes a local privilege escalation in Hashicorp vagrant-vmware-fusion, affecting versions 5.0.2 through 5.0.4. The vulnerability exists in the vagrant update process and lets a local attacker steal root privileges via a crafted update request when no updates are avail...
CVE-2017-16873
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges...
CVE-2017-16839
CVE-2017-16839 affects Hashicorp vagrant-vmware-fusion 5.0.4. Connected sources confirm a local elevation of privilege: a local attacker could obtain root privileges, with the NVD note tying this to scenarios where VMware Fusion is not installed. The CNVD entry reinforces a local privilege escala...
Hashicorp vagrant-vmware-fusion 5.0.0 Local Privilege Escalation
After three CVEs and multiple exploits disclosed to Hashicorp they have finally upped their game with this plugin. Now the previously vulnerable non-root-owned ruby code that get executed as root by the sudo helper is no more and the sudo helper itself is one static Go binary with...
Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation After three CVEs and multiple exploits disclosed to Hashicorp they have finally upped their game with this plugin. Now the previously vulnerable non-root-owned ruby code that get executed as root by the sudo helper is no more and...
Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw... The initial patch they released was 4.0.21 which...
Hashicorp vagrant-vmware-fusion 5.0.1 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 5.0.1 - Local Privilege Escalation I recently blogged about how the installation process of version 5.0.0 of this plugin could be hihacked by a local attacker or malware in order to escalate privileges to root. Hashicorp pushed some mitigations for this issue fairl...
Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp...
Hashicorp vagrant-vmware-fusion 5.0.3 Local Privilege Escalation
Another day, another root privesc bug in this plugin. Not quite so serious this time - this one is only exploitable if the user has the plugin installed but VMware Fusion not installed. This is a fairly unlikely scenario but it's a straight to root privesc with no user interaction so isn't the ki...