Executive Summary

Summary
Title : VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0.
Information
Name : VMSA-2010-0011
First vendor Publication : 2010-07-13
Vendor : VMware
Last vendor Modification : 2010-07-13
Severity (Vendor) : N/A
Revision : N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact SubScore NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Cvss Base Score : 6
Cvss Impact Score : 6.4
Cvss Exploit Score : 6.8
Attack Range : Network
Attack Complexity : Medium
Authentication : Requires single instance

Detail

a. VMware Studio 2.0 remote command execution by Studio user

VMware Studio is a development tool to create and manage virtual appliances. VMware Studio itself is a virtual appliance.

A vulnerability in the Virtual Appliance Management Infrastructure (VAMI) allows for remote command execution in Studio 2.0 or in virtual appliances created with Studio 2.0. Exploitation of the issue requires authentication to Studio or to the virtual appliance.

Studio 2.0
----------
The vulnerability may be exploited on Studio if both of these conditions apply:
- you have Studio 2.0 and
- you have created a user account with limited privileges (this is not the default configuration).

Studio is by default shipped with the root user account and no other user accounts. For this reason, exploitation of the vulnerability would not yield any gain for an attacker since the attacker would need to know the credentials of the root user account in order to launch an attack. If an attacker knows the credentials of the root user, the attacker will have other avenues to compromise Studio.

In case another user account with limited privileges has been added to Studio, the exploitation of the issue may lead to remote command execution by the attacker. The attacker would still need to know the credentials of the additional user account in order to launch an attack.

Virtual appliances created with Studio 2.0
------------------------------------------
The vulnerability may be exploited on a virtual appliance if both of these conditions apply:
- the virtual appliance was created with Studio 2.0 and
- the virtual appliance has a user account with limited privileges.

The following command will show which version of Studio was used to create the virtual appliance: "vamicli version --studio"

If the issue can be exploited, the following will remove this possibility:
- disable user accounts that have limited privileges or
- disable the vami-sfcbd daemon (note: this will prevent the use of VAMI features such as using the web interface to set the network configuration) or
- recreate the virtual appliance using Studio 2.1.
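An added example, not part of the VMware advisory: a shell check for the two exposure conditions given for virtual appliances, which also shows the effect of the first mitigation. It assumes the operator passes the version number read from `vamicli version --studio`, and it interprets "limited privileges" as any non-root account with a login shell and an unlocked password; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: exposure check for the conditions in VMSA-2010-0011 (a).
# Assumption: the version argument is the number the operator read from
# "vamicli version --studio"; its exact output format is not parsed here.

# List non-root accounts that can still log in with a password.
# Arguments: passwd-format file, shadow-format file.
# Accounts locked with a leading "!" or "*" in shadow are treated as disabled.
limited_login_accounts() {
    awk -F: '
        NR == FNR { hash[$1] = $2; next }   # first file read: shadow
        $3 != 0 && $7 !~ /(nologin|false)$/ && ($1 in hash) && hash[$1] !~ /^[!*]/ { print $1 }
    ' "$2" "$1"
}

# Succeed (exit 0) only when both advisory conditions hold:
# built with Studio 2.0 AND at least one limited-privilege login account.
vami_exposed() {
    case $1 in
        2.0|2.0.*) ;;
        *) return 1 ;;
    esac
    [ -n "$(limited_login_accounts "$2" "$3")" ]
}

# Constructed sample data (not taken from a real appliance).
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
operator1:x:1001:100:limited user:/home/operator1:/bin/bash
olduser:x:1002:100:disabled user:/home/olduser:/bin/bash
EOF
cat > "$tmp/shadow" <<'EOF'
root:$6$constructed$hash:14800:0:99999:7:::
daemon:*:14800:0:99999:7:::
operator1:$6$constructed$hash:14800:0:99999:7:::
olduser:!$6$constructed$hash:14800:0:99999:7:::
EOF

if vami_exposed 2.0 "$tmp/passwd" "$tmp/shadow"; then
    echo "exposed via: $(limited_login_accounts "$tmp/passwd" "$tmp/shadow")"
else
    echo "not exposed under the advisory's conditions"
fi
```

The check covers password logins only; an account with a locked password but another working login method would need a separate review.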

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2667 to this issue.

VMware would like to thank Claudio Criscione of Secure Network for reporting this issue to us.

b. VMware Studio 2.0 local privilege escalation vulnerability

VMware Studio is a development tool to create and manage virtual appliances. VMware Studio itself is a virtual appliance.

A vulnerability in the way temporary files are written may lead to a privilege escalation in Studio 2.0. Exploitation of the issue requires authentication to the system running Studio. Virtual appliances created with Studio 2.0 are not affected.

Studio is by default shipped with the root user account and no other user accounts. For this reason, exploitation of the vulnerability would not yield any gain for an attacker since the attacker would need to know the credentials of the root user account in order to launch an attack. If an attacker knows the credentials of the root user, the attacker will have other avenues to compromise Studio.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2427 to this issue.

VMware would like to thank Claudio Criscione of Secure Network for reporting this issue to us.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2010-0011.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type Description Count
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
66434 VMware Studio Privilege VAMI Unspecified Arbitrary Command Execution

66433 VMware Studio Privilege Unspecified Temporary File Handling Local Privilege E...

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-07-22 IAVM : 2010-B-0054 - Multiple Vulnerabilities in VMware Studio
Severity : Category II - VMSKEY : V0024858

Nessus® Vulnerability Scanner

Date Description
2013-10-23 Name : The remote VMware host is missing one or more security-related patches.
File : vmware_VMSA-2010-0011.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 12:07:16
  • Multiple Updates
2013-11-11 12:41:39
  • Multiple Updates