VMware Horizon Client Insecure suid Binary Lets Local Users Obtain Root Privileges
|
SecurityTracker Alert ID: 1040989 |
SecurityTracker URL: http://securitytracker.com/id/1040989
|
CVE Reference:
CVE-2018-6964
(Links to External Site)
|
Date: May 29 2018
|
Impact:
Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Client for Linux 4.x and prior
|
Description:
A vulnerability was reported in VMware Horizon Client. A local user can obtain root privileges on the target system.
A local user can exploit an insecure set user id (setuid) binary to gain root privileges on the target system.
VMware Horizon Client for Linux is affected.
Nassim Abbaoui, pentester at OVH, reported this vulnerability.
|
Impact:
A local user can obtain root privileges on the target system.
|
Solution:
VMware has issued a fix (Client 4.8.0).
The VMware advisory is available at:
http://www.vmware.com/security/advisories/VMSA-2018-0014.html
|
Vendor URL: www.vmware.com/security/advisories/VMSA-2018-0014.html (Links to External Site)
|
Cause:
Access control error
|
Underlying OS: Linux (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|