42 matches found
EUVD-2017-7303
Malware in sbrugna...
EUVD-2017-8047
Malware in sbrugna...
Hashicorp vagrant-vmware-fusion local elevation of privilege vulnerability
Hashicorp vagrant-vmware-fusion is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. vagrant update is one of the update processes. A security vulnerability exists in the vagrant update process in Hashicorp vagrant-vmware-fusion...
Hashicorp vagrant-vmware-fusion elevation of privilege vulnerability
Hashicorp vagrant-vmware-fusion is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. A security vulnerability exists in Hashicorp vagrant-vmware-fusion versions 4.0.25 through 5.0.4. An attacker can exploit the vulnerability to...
Hashicorp vagrant-vmware-fusion local elevation of privilege vulnerability (CNVD-2018-09642)
Hashicorp vagrant-vmware-fusion is a tool for building and managing virtual machine environments on VMware virtual machines developed by HashiCorp, USA. A security vulnerability exists in Hashicorp vagrant-vmware-fusion version 5.0.4. A local attacker could exploit the vulnerability to gain root...
CVE-2017-16839
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed...
CVE-2017-16873
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges...
CVE-2017-16839
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed...
CVE-2017-16873
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges...
CVE-2017-16512
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available...
CVE-2017-16839
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed...
CVE-2017-16839
CVE-2017-16839 affects Hashicorp vagrant-vmware-fusion 5.0.4. Connected sources confirm a local elevation of privilege: a local attacker could obtain root privileges, with the NVD note tying this to scenarios where VMware Fusion is not installed. The CNVD entry reinforces a local privilege escala...
CVE-2017-16873
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges...
CVE-2017-16512
The CVE-2017-16512 entry describes a local privilege escalation in Hashicorp vagrant-vmware-fusion, affecting versions 5.0.2 through 5.0.4. The vulnerability exists in the vagrant update process and lets a local attacker steal root privileges via a crafted update request when no updates are avail...
Hashicorp vagrant-vmware-fusion 5.0.0 Local Privilege Escalation
After three CVEs and multiple exploits disclosed to Hashicorp they have finally upped their game with this plugin. Now the previously vulnerable non-root-owned ruby code that get executed as root by the sudo helper is no more and the sudo helper itself is one static Go binary with...
Hashicorp vagrant-vmware-fusion 5.0.0 - Local root Privilege Escalation Exploit
Exploit for macOS platform in category local exploits After three CVEs and multiple exploits disclosed to Hashicorp they have finally upped their game with this plugin. Now the previously vulnerable non-root-owned ruby code that get executed as root by the sudo helper is no more and the sudo help...
Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 5.0.0 - Local Privilege Escalation After three CVEs and multiple exploits disclosed to Hashicorp they have finally upped their game with this plugin. Now the previously vulnerable non-root-owned ruby code that get executed as root by the sudo helper is no more and...
Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation
Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw... The initial patch they released was 4.0.21 which...
Hashicorp vagrant-vmware-fusion 4.0.23 - Local root Privilege Escalation Exploit
Exploit for macOS platform in category local exploits A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw... The initial patch they released was 4.0.21 which unfortunately...
Hashicorp vagrant-vmware-fusion 4.0.24 - Local root Privilege Escalation Exploit
Exploit for macOS platform in category local exploits I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp quickly put out...