Full Disclosure mailing list archives
CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager
From: Nate Kettlewell <nate () depthsecurity com>
Date: Wed, 15 Jun 2016 13:57:55 +0000
Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Version(s): < 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th, 2016 Vulnerability Type: Security Misconfiguration CVE Reference: CVE-2016-3643 Risk Level: High CVSSv3 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C/CR:M/IR:M/AR:M/MAV:L/MAC:L/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:H) Solution Status: Solution Available Discovered and Provided: Nate Kettlewell, Depth Security ( https://www.depthsecurity.com/ ) ----------------------------------------------------------------------------------------------- Advisory Details: Depth Security discovered a vulnerability in Solarwinds Virtualization Manager appliance. This attack requires a user to have an operating system shell on the vulnerable appliance. 1) Misconfiguration of sudo in Solarwinds Virtualization Manager: CVE-2016-3643 The vulnerability exists due to the miconfiguration of sudo in that it allows any local user to use sudo to execute commands as the superuser. A local attacker can obtain root privileges to the operating system regardless of privilege level. ----------------------------------------------------------------------------------------------- Solution: Solarwinds has released a hotfix to remediate this vulnerability on existing installations. This flaw as well as several others have been corrected and that release has been put into manufacturing for new appliances. ----------------------------------------------------------------------------------------------- Proof of Concept: The following is an example of the commands necessary for a low-privileged user to dump the contents of the "/etc/shadow" file by using sudo. sudo cat /etc/passwd ----------------------------------------------------------------------------------------------- References: [1] Solarwinds Virtualization Manager- http://www.solarwinds.com/virtualization-manager - Solarwinds Virtualization Manager provides monitoring and remediation for virtualized environments. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager Nate Kettlewell (Jun 15)
- <Possible follow-ups>
- CVE-2016-3643 - Misconfiguration of sudo in Solarwinds Virtualization Manager Nate Kettlewell (Jun 15)