SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware ESXi Vendors:   VMware
(VMware Issues Fix for ESX) Sudo on Red Hat Enterprise Linux %postun Symlink Flaw Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1028608
SecurityTracker URL:  http://securitytracker.com/id/1028608
CVE Reference:   CVE-2012-3440   (Links to External Site)
Updated:  Dec 6 2013
Original Entry Date:  May 31 2013
Impact:   Modification of system information, Modification of user information, Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): ESX 4.0, 4.1
Description:   A vulnerability was reported in Sudo on Red Hat Enterprise Linux. A local user can obtain elevated privileges on the target system. VMware ESX is affected.

A local user can exploit a temporary file symbolic link flaw in the %postun script to overwrite arbitrary files or modify the contents of the "/etc/nsswitch.conf" file when the sudo package is upgraded or removed.

This can be exploited to gain elevated privileges on the target system.

Impact:   A local user can obtain elevated privileges on the target system.
Solution:   VMware has issued a fix for VMware ESX.

For 4.0: ESX400-201305402-SG
For 4.1: ESX410-201312401-SG

The VMware advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2013-0007.html

Cause:   Access control error

Message History:   This archive entry is a follow-up to the message listed below.
Aug 8 2012 Sudo on Red Hat Enterprise Linux %postun Symlink Flaw Lets Local Users Gain Elevated Privileges



 Source Message Contents

Subject:  [Security-announce] NEW VMSA-2013-0007 VMware ESX third party update for Service Console package sudo

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2013-0007
Synopsis:    VMware ESX third party update for Service Console package sudo
Issue date:  2013-05-30
Updated on:  2013-05-30 (initial advisory)
CVE number:  CVE-2012-2337, CVE-2012-3440
- -----------------------------------------------------------------------

1. Summary

    VMware ESX third party update for Service Console package sudo

2. Relevant releases

    VMware ESX 4.0 without patch ESX400-201305001

3. Problem Description

  a. Service Console update for sudo
      
      The service console package sudo is updated to version 
      1.7.2p1-14.el5_8.3

      The Common Vulnerabilities and Exposures project (cve.mitre.org) 
      has assigned the name CVE-2012-2337 and CVE-2012-3440 to the issue 
      addressed in this update. 

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is 
      available. 

        VMware		Product	Running	Replace with/
        Product		Version	on	Apply Patch
        =============	=======	=======	=================
	ESXi		any	ESXi	not affected

	ESX		4.1	ESX	Patch Pending
	ESX		4.0	ESX	ESX400-201305402-SG

 4. Solution

      Please review the patch/release notes for your product and version 
      and verify the checksum of your downloaded file. 

      ESXi and ESX 
      --------------------------
      https://www.vmware.com/patchmgr/download.portal


      ESX 4.0 
      -------
      File: ESX400-201305001.zip 
      md5sum: c9ac91d3d803c7b7cb9df401c20b91c0 
      sha1sum: 7f5cef274c709248daa56d8c0e6fcc1ba86ae411
      https://kb.vmware.com/kb/2044240
      ESX400-201305001 contains ESX400-201305402-SG
      
   
5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2337
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3440


- -----------------------------------------------------------------------

6. Change log

   2013-05-30 VMSA-2013-0007
   Initial security advisory in conjunction with the release of ESX 4.0
   patches on 2013-05-30.

- -----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
   
   This Security Advisory is posted to the following lists:
   
     * security-announce at lists.vmware.com
     * bugtraq at securityfocus.com
     * full-disclosure at lists.grok.org.uk
   
   E-mail:  security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055
   
   VMware Security Advisories
   http://www.vmware.com/security/advisories
   
   VMware security response policy
   http://www.vmware.com/support/policies/security_response.html
   
   General support life cycle policy
   http://www.vmware.com/support/policies/eos.html
   
   VMware Infrastructure support life cycle policy
   http://www.vmware.com/support/policies/eos_vi.html
   
   Copyright 2013 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8

wj8DBQFRqCSyDEcm8Vbi9kMRAo4NAJ48+50wdSXvLgwkthMju5MmEvgd4QCfULk2
A6v/h02vlKKYy2sVY9VT1Nw=
=QIV+
-----END PGP SIGNATURE-----
_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
http://lists.vmware.com/mailman/listinfo/security-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC