CVE-2017-12579 – Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-12579
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
Hashicorp vagrant-vmware-fusion versions 4.0.24 and below suffer from a local privilege escalation vulnerability. This is the same issue that affected the last version but the vendor failed to properly address the issue.
• https://www.exploit-db.com/exploits/43223
• https://m4.rkw.io/blog/cve201712579-local-root-privesc-in-hashicorp-vagrantvmwarefusion-4024.html
• CWE-427: Uncontrolled Search Path Element
CVE-2017-11741 – Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-11741
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, which allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
Hashicorp vagrant-vmware-fusion versions 4.0.23 and below suffer from a local privilege escalation vulnerability.
• https://www.exploit-db.com/exploits/43224
• http://seclists.org/fulldisclosure/2017/Aug/0
• https://m4.rkw.io/blog/cve201711741-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4023.html
• CWE-276: Incorrect Default Permissions
CVE-2017-7642 – Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-7642
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
Hashicorp vagrant-vmware-fusion versions 4.0.20 and below suffer from a local root privilege escalation vulnerability.
• https://www.exploit-db.com/exploits/42334
• http://seclists.org/fulldisclosure/2017/Jul/29
• https://github.com/hashicorp/vagrant-plugin-changelog/blob/master/vagrant-vmware-changelog.md
• https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4020.html
• CWE-426: Untrusted Search Path