Vigil@nce - Vmware vSphere: privilege escalation via vMA
May 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use the command vmatargetcon, to gain root
privileges.
Severity: 2/4
Creation date: 17/05/2011
IMPACTED PRODUCTS
– VMware vSphere
DESCRIPTION OF THE VULNERABILITY
The vSphere Management Assistant (vMA) allows administrators and
developers to run scripts and agents to manage ESX/ESXi and
vCenter Server systems.
The sudo program allows to execute commands with privileged
rights. The configuration file /etc/sudoers shows how to invoke
the command vmatargetcon:
vi-admin ... / usr / bin / vmatargetcon
However, the configuration command vmatargetcon in /etc/sudoers
allows injection parameters, opening a bash shell.
A local attacker can therefore use the command vmatargetcon, to
gain root privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Vmware-vSphere-privilege-escalation-via-vMA-10662