4723 matches found
CVE-2017-13707
Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd...
LinEnum v0.6 - Scripted Local Linux Enumeration and Privilege Escalation Checks
LinEnum will automate many of the checks that I’ve documented in the Local Linux Enumeration & Privilege Escalation Cheatsheet. It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful...
CVE-2017-11741
HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts...
CVE-2017-11741
HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts...
HashiCorp Vagrant VMware Fusion Plugin Elevation of Privilege Vulnerability
HashiCorp Vagrant VMware Fusion plugin is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. A security vulnerability exists in the sudo helper in HashiCorp Vagrant VMware Fusion plugin versions prior to 4.0.21. A local attacker...
Hashicorp vagrant-vmware-fusion 4.0.23 Local Root Privilege Escalation
CVE-2017-11741 Local root privesc in Hashicorp vagrant-vmware-fusion = 4.0.23 2 Aug 2017 06:49 A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4020.html The...
CVE-2017-7642
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...
Design/Logic Flaw
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...
CVE-2017-7642
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...
CVE-2017-7642
The CVE-2017-7642 entry concerns the HashiCorp Vagrant VMware Fusion plugin (vagrant-vmware-fusion) prior to 4.0.21. The vulnerability is a local privilege escalation via the plugin’s sudo helper, caused by failure to verify the path to the encoded Ruby script or by manipulating the PATH variable...
SSH Commands Require Privilege Escalation
This plugin reports the SSH commands that failed with a response indicating that privilege escalation is required to run them. Either privilege escalation credentials were not provided, or the command failed to run with the provided privilege escalation credentials. NOTE: Due to limitations...
Hashicorp vagrant-vmware-fusion 4.0.20 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 4.0.20 - Local Privilege Escalation I'm a big fan of Hashicorp but this is an awful bug to have in software of their calibre. Their vagrant plugin for vmware fusion uses a product called Ruby Encoder to protect their proprietary ruby code. It does this by turning t...
Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation Exploit
Exploit for macOS platform in category local exploits I'm a big fan of Hashicorp but this is an awful bug to have in software of their calibre. Their vagrant plugin for vmware fusion uses a product called Ruby Encoder to protect their proprietary ruby code. It does this by turning the ruby code...
Fedora 26 : sudo (2017-8b250ebe97)
update to 1.8.20p2 - added sudo package to dnf/yum protected packages ---- - update to 1.8.20p1 - fixes CVE-2017-1000367 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean...
Virtuozzo 7 : sudo / sudo-devel (VZLSA-2016-2872)
An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
Updated sudo packages fix security vulnerability
A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. CVE-2017-1000367...
MGASA-2017-0207 Updated sudo packages fix security vulnerability
A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. CVE-2017-1000367...
Virtuozzo 6 : sudo / sudo-devel (VZLSA-2017-1382)
An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Virtuozzo 6 : sudo / sudo-devel (VZLSA-2017-1574)
An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score,...
EulerOS 2.0 SP2 : sudo (EulerOS-SA-2017-1121)
According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process statu...