Описание
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-7642
- https://github.com/hashicorp/vagrant-plugin-changelog/blob/master/vagrant-vmware-changelog.md
- https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4020.html
- https://www.exploit-db.com/exploits/42334
- http://seclists.org/fulldisclosure/2017/Jul/29
Связанные уязвимости
CVSS3: 7.8
nvd
больше 8 лет назад
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.