Executive Summary
Summary | |
---|---|
Title | VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0. |
Informations | |||
---|---|---|---|
Name | VMSA-2010-0011 | First vendor Publication | 2010-07-13 |
Vendor | VMware | Last vendor Modification | 2010-07-13 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
a. VMware Studio 2.0 remote command execution by Studio user VMware Studio is a development tool to create and manage virtual appliances. VMware Studio itself is a virtual appliance. A vulnerability in the Virtual Appliance Management Infrastructure (VAMI) allows for remote command execution in Studio 2.0 or in virtual appliances created with Studio 2.0. Exploitation of the issue requires authentication to Studio or to the virtual appliance. Studio 2.0 ---------- The vulnerability may be exploited on Studio if both of these conditions apply: - you have Studio 2.0 and - you have created a user account with limited privileges (this is not the default configuration). Studio is by default shipped with the root user account and no other user accounts. For this reason, exploitation of the vulnerability would not yield any gain for an attacker since the attacker would need to know the credentials of the root user account in order to launch an attack. If an attacker knows the credentials of the root user, the attacker will have other avenues to compromise Studio. In case another user account with limited privileges has been added to Studio, the exploitation of the issue may lead to remote command execution by the attacker. The attacker would still need to know the credentials of the additional user account in order to launch an attack. Virtual appliances created with Studio 2.0 ------------------------------------------ The vulnerability may be exploited on a virtual appliance if both of these conditions apply: - the virtual appliance was created with Studio 2.0 and - the virtual appliance has a user account with limited privileges. The following command will show which version of Studio was used to create the virtual appliance: "vamicli version --studio" If the issue can be exploited, the following will remove this possibility: - disable user accounts that have limited privileges or - disable the vami-sfcbd daemon (note: this will prevent the use of VAMI features such as using the web interface to set the network configuration) or - recreate the virtual appliance using Studio 2.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2667 to this issue. VMware would like to thank Claudio Criscione of Secure Network for reporting this issue to us. b. VMware Studio 2.0 local privilege escalation vulnerability VMware Studio is a development tool to create and manage virtual appliances. VMware Studio itself is a virtual appliance. A vulnerability in the way temporary files are written may lead to a privilege escalation in Studio 2.0. Exploitation of the issue requires authentication to the system running Studio. Virtual appliances created with Studio 2.0 are not affected. Studio is by default shipped with the root user account and no other user accounts. For this reason, exploitation of the vulnerability would not yield any gain for an attacker since the attacker would need to know the credentials of the root user account in order to launch an attack. If an attacker knows the credentials of the root user, the attacker will have other avenues to compromise Studio. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2427 to this issue. VMware would like to thank Claudio Criscione of Secure Network for reporting this issue to us. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2010-0011.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
66434 | VMware Studio Privilege VAMI Unspecified Arbitrary Command Execution |
66433 | VMware Studio Privilege Unspecified Temporary File Handling Local Privilege E... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-07-22 | IAVM : 2010-B-0054 - Multiple Vulnerabilities in VMware Studio Severity : Category II - VMSKEY : V0024858 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-23 | Name : The remote VMware host is missing one or more security-related patches. File : vmware_VMSA-2010-0011.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:07:16 |
|
2013-11-11 12:41:39 |
|