VMware是一款虚拟PC软件，允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。VMware Tools是WMware提供的一组实用工具套件，它可以提高虚拟机操作系统的性能改善和管理虚拟机。VMware Tools存在OS命令注入漏洞，可能导致权限提升。

[+]info:
~~~~~~~~~
VMware Tools update OS Command Injection
Advisory ID: BONSAI-2010-0110
Date published: Thu Dec 9, 2010
Vendors contacted: VMware
Release mode: Coordinated release
ulnerability Information
Class: Injection
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2010-4297

[+]poc:
~~~~~~~~~
OS Command Injection – PoC Example
CVSSv2 Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)
VMware Server Infrastructure Web Access is prone to remote command
execution vulnerability because the software fails to adequately
sanitize user-supplied input.
When Updating the VMTools on a certain Guest Virtual Machine, a command
injection attack can be executed if specially crafted parameters are sent.
Successful attacks can compromise the affected Guest Virtual Machine
with root privileges.
The following proof of concept is given. It was exploited in a GNU/Linux
Guest with VMware Tools installed but not fully updated:
POST /ui/sb HTTP/1.1
[…]
Cookie: JSESSIONID=F78CCA7DD3CF4E2E82587B236660C9ED; user_name=vmuser;
l=http%3A%2F%2Flocalhost%3A80%2Fsdk
[…]
[{i:"378",exec:"/cmd/vm",args:["UpgradeTools_Task",{_i:"VirtualMachine|960"},";
INJECTED COMMAND HERE ;"]}]

[+]Reference:
~~~~~~~~~

本文由职坐标整理并发布，希望对同学们有所帮助。了解更多详情请关注职坐标系统运维之Vmware频道！