Oracle Virtual Server Agent 2.3: Local Privilege Escalation Vulnerability

Users of Oracle Virtual Server Agent 2.3, please be advised that a Local Privilege Escalation vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

ONAPSIS-2010-010: [ONAPSIS-2010-010] Oracle Virtual Server Agent Local Privilege Escalation
– Affected Components:

* Oracle Virtual Server Agent 2.3

– Vulnerability Class: Local privilege escalation

Vulnerability Details
=====================

Oracle VM Agent stores user authentication data in files with weak permissions. This can be abused by a non-privileged user to access cleartext passwords and password hashes, leading to a privilege escalation attack.

Onapsis is not distributing technical details about this issue to the general public at this moment in order to provide enough time to affected customers to patch their systems and protect against the exploitation of the described vulnerability.
Read more at http://www.criticalwatch.com
