VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root on a Linux host machine.
This module exploits a vulnerability in VMware Workstation Pro and Player on Linux which allows users to escalate their privileges by using an ALSA configuration file to load and execute a shared object as root when launching a virtual machine with an attached sound card. This module has been tested successfully on VMware Player version 12.5.0 on Debian Linux 8 Jessie.
msf > use exploit/linux/local/vmware_alsa_config
msf exploit(vmware_alsa_config) > show targets
...targets...
msf exploit(vmware_alsa_config) > set TARGET <target-id>
msf exploit(vmware_alsa_config) > show options
...show and set options...
msf exploit(vmware_alsa_config) > exploit
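A defensive check for the condition described above, as an added example that is not part of the original page or of the Metasploit module: it scans ALSA configuration text (for instance a user's ~/.asoundrc) for `lib` keys that load a shared object from outside the system library directories. The trusted prefixes, the function names and the sample configuration are assumptions constructed for illustration.

```python
import posixpath
import re
import sys

# Assumption: directories treated as trusted library locations on this host.
TRUSTED_PREFIXES = ("/usr/lib/", "/usr/lib64/", "/lib/", "/lib64/")

# An ALSA "lib" key (bare, or the last part of a dotted key) and its value.
LIB_RE = re.compile(
    r'(?:^|[\s{;,.])lib(?:\s*=\s*|\s+)(?:"([^"]*)"|\'([^\']*)\'|([^\s;,}]+))')

# Constructed sample config, not taken from any real host or exploit.
SAMPLE_ASOUNDRC = """\
# per-user ALSA config
pcm.!default { type hw card 0 }
pcm_type.demo { lib "/usr/lib/alsa-lib/libasound_module_pcm_demo.so" }
hook_func.demo_hook {
    lib "/tmp/.cache/demo.so"   # world-writable directory
    func "demo_entry"
}
func.demo2.lib = /usr/lib/../../home/user/demo2.so
"""

def find_lib_directives(config_text):
    """Return (line_number, path) for every lib assignment in the text."""
    found = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        line = line.split("#", 1)[0]  # simplification: '#' inside quotes also cuts
        for match in LIB_RE.finditer(line):
            found.append((number, next(g for g in match.groups() if g is not None)))
    return found

def is_suspicious(path):
    """True when the normalized path is not under a trusted library directory."""
    return not posixpath.normpath(path).startswith(TRUSTED_PREFIXES)

def audit(config_text):
    """Return the lib assignments that deserve review."""
    return [(n, p) for n, p in find_lib_directives(config_text) if is_suspicious(p)]

if __name__ == "__main__":
    # Usage: script.py ~/.asoundrc ...   (no arguments: run on the sample)
    texts = {"<sample>": SAMPLE_ASOUNDRC}
    if sys.argv[1:]:
        texts = {p: open(p, errors="replace").read() for p in sys.argv[1:]}
    for name, text in texts.items():
        for number, path in audit(text):
            print(f"{name}:{number}: lib loaded from untrusted path {path}")
```

Bare library names without a directory are flagged as well; in a per-user file they merit a manual look.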
VMware fixed two bugs in its VMware Workstation late Thursday night, including an insecure library loading vulnerability and a NULL pointer dereference vulnerability.
The virtualization software company warned of the issues Thursday night in security advisory VMSA-2017-0009.
Jann Horn, a security researcher for Google Project Zero who’s previously uncovered bugs in Xen’s hypervisor and the Linux kernel, found the library loading vulnerability in VMware’s Workstation Pro/Playe...