22 matches found
Hashicorp vagrant-vmware-fusion 5.0.3 - Local root Privilege Escalation Exploit
Exploit for macOS platform in category local exploits. Another day, another root privesc bug in this plugin. Not quite so serious this time - this one is only exploitable if the user has the plugin installed but VMware Fusion not installed. This is a fairly unlikely scenario but it's a straight to...
Hashicorp vagrant-vmware-fusion 4.0.23 - Local root Privilege Escalation Exploit
Exploit for macOS platform in category local exploits. A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw... The initial patch they released was 4.0.21 which unfortunately...
Hashicorp vagrant-vmware-fusion 5.0.3 Local Privilege Escalation
Another day, another root privesc bug in this plugin. Not quite so serious this time - this one is only exploitable if the user has the plugin installed but VMware Fusion not installed. This is a fairly unlikely scenario but it's a straight to root privesc with no user interaction so isn't the ki...
Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation
A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw... The initial patch they released was 4.0.21 which unfortunately contained a bug that prevented it from working at all...
Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation
A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw... The initial patch they released was 4.0.21 which...
Hashicorp vagrant-vmware-fusion 5.0.0 - Local root Privilege Escalation Exploit
Exploit for macOS platform in category local exploits. After three CVEs and multiple exploits disclosed to Hashicorp they have finally upped their game with this plugin. Now the previously vulnerable non-root-owned ruby code that gets executed as root by the sudo helper is no more and the sudo help...
Hashicorp vagrant-vmware-fusion 5.0.3 - Local Privilege Escalation
Another day, another root privesc bug in this plugin. Not quite so serious this time - this one is only exploitable if the user has the plugin installed but VMware Fusion not installed. This is a fairly unlikely scenario but it's a straight to root privesc with no user interaction so isn't the ki...
Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation
After three CVEs and multiple exploits disclosed to Hashicorp they have finally upped their game with this plugin. Now the previously vulnerable non-root-owned ruby code that gets executed as root by the sudo helper is no more and the sudo helper itself is one static Go binary with...
Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation
After three CVEs and multiple exploits disclosed to Hashicorp they have finally upped their game with this plugin. Now the previously vulnerable non-root-owned ruby code that gets executed as root by the sudo helper is no more and...
CVE-2017-16777
If HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root...
Design/Logic Flaw
If HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root...
CVE-2017-16777
If HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root...
CVE-2017-16777
The CVE-2017-16777 issue affects the HashiCorp Vagrant VMware Fusion plugin (vagrant-vmware-fusion) version 5.0.3. The vulnerability arises when VMware Fusion is not installed but the plugin is present; a local attacker can create a fake application directory and abuse the plugin’s suid root sudo...
CVE-2017-11741
HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts...
CVE-2017-11741
HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts...
HashiCorp Vagrant VMware Fusion Plugin Elevation of Privilege Vulnerability
HashiCorp Vagrant VMware Fusion plugin is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. A security vulnerability exists in the sudo helper in HashiCorp Vagrant VMware Fusion plugin versions prior to 4.0.21. A local attacker...
Hashicorp vagrant-vmware-fusion 4.0.23 Local Root Privilege Escalation
CVE-2017-11741: Local root privesc in Hashicorp vagrant-vmware-fusion = 4.0.23. 2 Aug 2017 06:49. A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4020.html The...
CVE-2017-7642
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...
Design/Logic Flaw
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...
CVE-2017-7642
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...