CVE-2017-11741 Local root privesc in Hashicorp vagrant-vmware-fusion

A couple of weeks ago I disclosed a local root privesc in Hashicorp's

The initial patch they released was 4.0.21 which unfortunately contained
That prevented it from working at all on mac systems so I was unable to
I then had to give my mac to Apple for a couple of weeks for some
Only got around to testing 4.0.22 at the end of last week.

Unfortunately, 4.0.22 is still exploitable and the subsequent release of
did not fix the issue.
Hashicorp reacted much faster this time, taking
few days to issue a patch instead of a few months and 4.0.24 does fix

As discussed before the plugin installs a "sudo helper" encrypted ruby
And four architecture-specific wrappers into

vagrant_vmware_desktop_sudo_helper_wrapper_darwin_386
vagrant_vmware_desktop_sudo_helper_wrapper_darwin_amd64
vagrant_vmware_desktop_sudo_helper_wrapper_linux_386
vagrant_vmware_desktop_sudo_helper_wrapper_linux_amd64

The wrapper that matches the system architecture will be made suid root
First time any vagrant box is up'd.
Script elevates privileges and then executes the ruby sudo helper

Previously I exploited the unsanitised system("ruby") call to simply
Wrapper directly and execute an arbitrary fake "ruby" script in the

This is now mitigated with 4.0.22 because the wrapper refuses to execute

Unfortunately it's still possible to exploit it because the wrapper
Sudo helper as root, and the sudo helper is not root-owned so we can
With any arbitrary ruby code which will then get executed as root when

The issue was reported to Hashicorp on 27/07/17 and fixed on 01/08/17.

Bringing machine 'default' up with 'virtualbox' provider.
=> default: Importing base box 'ubuntu/focal64'.
=> default: Matching MAC address for NAT networking.
=> default: Checking if box 'ubuntu/focal64' version '20220419.0.0' is up to date.
=> default: Clearing any previously set network interfaces.
=> default: Preparing network interfaces based on configuration.
default: 22 (guest) => 2222 (host) (adapter 1)
=> default: Running 'pre-boot' VM customizations.