exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Update Manager Directory Traversal

VMware Update Manager Directory Traversal
Posted Nov 21, 2011
Authored by Alexey Sintsov

VMware Update Manager versions 4.1 prior to update 2 suffer from a directory traversal vulnerability.

tags | exploit
advisories | CVE-2011-4404
SHA-256 | 06ec687238eb262116fe18b7c8d44a43f0193289ae66d84ef77ac981152300c0

VMware Update Manager Directory Traversal

Change Mirror Download
DSECRG-11-042 VMware Update Manager - Directory Traversal


Application: VMware Update Manager
Versions Affected: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4.0 prior to Update 4
Vendor URL: http://vmware.com
Bugs: Directory Traversal File Read
CVE: CVE-2011-4404
CVSS2: 7.8
Exploits: YES
Reported: 06.06.2010
Vendor response: 06.06.2010
Date of Public Advisory: 18.11.2011
Authors: Alexey Sintsov
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot]com)

Description
********
Directory Traversal vulnerability was found in Jetty web server that is used by VMware Update manager.

Details
*******
Directory Traversal vulnerability was found in Jetty web server that is used by VUM.
With this vulnerability, an non-authenticated attacker can read any file on the server (with rights of the process).

Sample
******
http://<target>:9084/vci/downloads/.\..\..\..\..\..\..\..\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\rui.key


References
**********

http://dsecrg.com/pages/vul/show.php?id=342
http://www.vmware.com/security/advisories/VMSA-2011-0014.html


Fix Information
*************

Vendor make fix for this issue:
Fixed in Update Manager 5.0 Windows not affected
Fixed in Update Manager 4.1 Windows Update 2
Fixed in Update Manager 4.0 Windows Update 4

About DSecRG
*******
The main mission of DSecRG is to conduct researches of business critical systems such as ERP, CRM, SRM, BI, SCADA, banking software and others. The result of this work is then integrates in ERPScan Security Scanner. Being on the top edge of ERP and SAP security DSecRG research helps to improve a quality of ERPScan consulting services and protects you from the latest threads.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com

About ERPScan
*******
ERPScan is an innovative company engaged in the research of ERP security and develops products for ERP system security assessment. Apart from this the company renders consulting services for secure configuration, development and implementation of ERP systems, and conducts comprehensive assessments and penetration testing of custom solutions.
Our flagship products are "ERPScan Security Scanner for SAP" and service "ERPScan Online" which can help customers to perform automated security assessments and compliance checks for SAP solutions.

Contact: info [at] erpscan [dot] com
http://www.erpscan.com

Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close