what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Horizon's macOS Client Code Injection

VMware Horizon's macOS Client Code Injection
Posted Jul 12, 2017
Authored by Florian Bogner

VMware Horizon's macOS client versions prior to 4.5 suffer from a code injection vulnerability.

tags | advisory
advisories | CVE-2017-4918
SHA-256 | f66d718ae51d75bdcc8a8fa9026bde7c7516f85ea2777a8579d4c319165f6016

VMware Horizon's macOS Client Code Injection

Change Mirror Download
CVE-2017-4918: Code Injection in VMware Horizonas macOS Client

Metadata
===================================================
Release Date: 10-July-2017
Author: Florian Bogner // https://bogner.sh
Affected product: VMware Horizonas macOS Client
Fixed in: Version 4.5
Tested on: OS X El Capitan 10.11.6
CVE: CVE-2017-4918
URL: https://bogner.sh/2017/07/cve-2017-4918-code-injection-in-vmware-horizons-macos-client/
Vulnerability Status: Fixed

Product Description
===================================================
VMware Horizon 7 is the leading platform for virtual desktops and applications.
Provide end users access to all of their virtual desktops, applications, and online services through a single digital workspace.

Vulnerability Description
===================================================
An issue within a shell script of VMware Horizon's macOS client could be abused to load arbitrary kernel extensions. In detail, this was possible because a user modifiable environment variable was used to build the command line for a highly privileged command.

Further technical details can be found on my blog: https://bogner.sh/2017/07/cve-2017-4918-code-injection-in-vmware-horizons-macos-client/

Suggested Solution
===================================================
Update to the latest version (fixed in 4.5)

Disclosure Timeline
===================================================
21-04-2017: The issues has been documented and reported
24-04-2017: VMware started investigating
06-06-2017: Fix ready
08-06-2017: Updated Horizon version 4.5 alongside security advisory VMSA-2017-0011 released

Florian Bogner

eMail: florian@bogner.sh
Web: http://www.bogner.sh
LinkedIn: https://www.linkedin.com/profile/view?id=368904276
Xing: https://www.xing.com/profile/Florian_Bogner9
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    45 Files
  • 9
    Dec 9th
    9 Files
  • 10
    Dec 10th
    6 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close