VMware Security Advisories VMSA-2018-0031

VMware Security Advisories VMSA-2018-0031

vRealize Operations updates address a local privilege escalation vulnerability - 

Problem Description - 

vROps contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin** user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine.

 

**The admin user (non-sudoer) should not be confused with root of the vROps machine.

 

VMware would like to thank Alessandro Zanni, pentester at OVH for reporting this issue to us.

 

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6978 to this issue.

 

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

 

Please refer link for more details. 

 

 

Leave a comment