CVSS: 6.9EPSS: 0%CPEs: 23EXPL: 2CVE-2013-1662 – VMware - Setuid VMware-mount Unsafe popen
https://notcve.org/view.php?id=CVE-2013-1662
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. vmware-mount en VMware Workstation v8.x y v9.x y VMware Player v4.x y v5.x, en sistemas basados en Debian GNU/Linux, permite a los usuarios del sistema operativo de host para obtener privilegios del sistema operativo de host manipulando la ruta del directorio del ejecutable lsb_release, relacionado con el uso de la librería de funciones popen. VMWare Workstation (up to and including 9.0.2 build-1031769) and Player have a setuid executable called vmware-mount that invokes lsb_release in the PATH with popen(3). Since PATH is user-controlled, and the default system shell on Debian-derived distributions does not drop privs, we can put an arbitrary payload in an executable called lsb_release and have vmware-mount happily execute it as root for us. • https://www.exploit-db.com/exploits/27938 https://www.exploit-db.com/exploits/40169 http://blog.cmpxchg8b.com/2013/08/security-debianisms.html http://www.vmware.com/security/advisories/VMSA-2013-0010.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 96%CPEs: 7EXPL: 1CVE-2013-3520 – VMware vCenter Chargeback Manager ImageUploadServlet Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-3520
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. VMware vCenter Chargeback Manager (aka CBM) anterior a 2.5.1 no maneja adecuadamente las subidas, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Chargeback Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the ImageUploadServlet. This service exposes the functionality which contains a flaw that allows attackers to create files at arbitrary locations with attacker controlled data. • https://www.exploit-db.com/exploits/27046 http://www.vmware.com/security/advisories/VMSA-2013-0008.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3080
https://notcve.org/view.php?id=CVE-2013-3080
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access. VMware vCenter Server Appliance (vcsa) v5.1 antes Update 1 permite a los usuarios remotos autenticados crear o sobreescribir archivos arbitrarios, y por lo tanto ejecutar código arbitrario o causar una denegación de servicio, aprovechando la interfaz de administración de dispositivo virtual (VAMI) Acceso a la interfaz web. • http://www.vmware.com/security/advisories/VMSA-2013-0006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3107
https://notcve.org/view.php?id=CVE-2013-3107
VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. VMware vCenter Server v5.1 Update 1 antes, cuando el enlace LDAP anónimo para Active Directory está activado, permite a atacantes remotos evitar la autenticación proporcionando un nombre de usuario válido en combinación con una contraseña vacía. • http://www.vmware.com/security/advisories/VMSA-2013-0006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3079
https://notcve.org/view.php?id=CVE-2013-3079
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access. VMware vCenter Server Appliance (vcsa) v5.1 antes Update 1 permite a los usuarios remotos autenticados ejecutar programas arbitrarios con privilegios de root mediante el aprovechamiento de la interfaz de administración Virtual Appliance (VAMI) de acceso. • http://www.vmware.com/security/advisories/VMSA-2013-0006.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •