var-200703-0141
Vulnerability from variot
Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.
Try it out online: http://secunia.com/software_inspector/
TITLE: Parallels Desktop for Mac Shared Folder Security Issue
SECUNIA ADVISORY ID: SA24171
VERIFY ADVISORY: http://secunia.com/advisories/24171/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE: Local system
SOFTWARE: Parallels Desktop for Mac http://secunia.com/product/12498/
DESCRIPTION: Rich Mogull has reported a security issue in Parallels Desktop for Mac, which can be exploited by malicious software to bypass certain security restrictions.
The problem is that the Drag-and-Drop functionality of the VM (virtual machine) is implemented via a shared folder with "read-write" access to the host system. This can be exploited to write or manipulate files on the host system e.g. by malware in the VM.
SOLUTION: Disable Drag-and-Drop.
PROVIDED AND/OR DISCOVERED BY: Rich Mogull
ORIGINAL ADVISORY: http://lists.immunitysec.com/pipermail/dailydave/2007-February/004091.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0141",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "parallels",
"version": "*"
},
{
"model": "desktop",
"scope": "lt",
"trust": 0.8,
"vendor": "parallels",
"version": "20070216"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.4.9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003450"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-095"
},
{
"db": "NVD",
"id": "CVE-2007-1222"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:parallels:parallels_desktop",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003450"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "54706"
}
],
"trust": 0.1
},
"cve": "CVE-2007-1222",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2007-1222",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-24584",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-1222",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-1222",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-095",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-24584",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24584"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003450"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-095"
},
{
"db": "NVD",
"id": "CVE-2007-1222"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nParallels Desktop for Mac Shared Folder Security Issue\n\nSECUNIA ADVISORY ID:\nSA24171\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24171/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\nLocal system\n\nSOFTWARE:\nParallels Desktop for Mac\nhttp://secunia.com/product/12498/\n\nDESCRIPTION:\nRich Mogull has reported a security issue in Parallels Desktop for\nMac, which can be exploited by malicious software to bypass certain\nsecurity restrictions. \n\nThe problem is that the Drag-and-Drop functionality of the VM\n(virtual machine) is implemented via a shared folder with\n\"read-write\" access to the host system. This can be exploited to\nwrite or manipulate files on the host system e.g. by malware in the\nVM. \n\nSOLUTION:\nDisable Drag-and-Drop. \n\nPROVIDED AND/OR DISCOVERED BY:\nRich Mogull\n\nORIGINAL ADVISORY:\nhttp://lists.immunitysec.com/pipermail/dailydave/2007-February/004091.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1222"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003450"
},
{
"db": "VULHUB",
"id": "VHN-24584"
},
{
"db": "PACKETSTORM",
"id": "54706"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-1222",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "24171",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "33799",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003450",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-095",
"trust": 0.7
},
{
"db": "MLIST",
"id": "[DAILYDAVE] 20070216 MINOR VIRTUALIZATION VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "83568",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-24584",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54706",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24584"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003450"
},
{
"db": "PACKETSTORM",
"id": "54706"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-095"
},
{
"db": "NVD",
"id": "CVE-2007-1222"
}
]
},
"id": "VAR-200703-0141",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24584"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:24:15.498000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Parallels Desktop",
"trust": 0.8,
"url": "http://www.parallels.com/jp/products/desktop/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003450"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1222"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.immunitysec.com/pipermail/dailydave/2007-february/004091.html"
},
{
"trust": 1.7,
"url": "http://osvdb.org/33799"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/24171"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1222"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1222"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12498/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24171/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24584"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003450"
},
{
"db": "PACKETSTORM",
"id": "54706"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-095"
},
{
"db": "NVD",
"id": "CVE-2007-1222"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-24584"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003450"
},
{
"db": "PACKETSTORM",
"id": "54706"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-095"
},
{
"db": "NVD",
"id": "CVE-2007-1222"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-02T00:00:00",
"db": "VULHUB",
"id": "VHN-24584"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003450"
},
{
"date": "2007-02-27T16:54:22",
"db": "PACKETSTORM",
"id": "54706"
},
{
"date": "2007-03-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-095"
},
{
"date": "2007-03-02T22:19:00",
"db": "NVD",
"id": "CVE-2007-1222"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-24584"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003450"
},
{
"date": "2007-03-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-095"
},
{
"date": "2024-11-21T00:27:48.230000",
"db": "NVD",
"id": "CVE-2007-1222"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-095"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mac For Parrallels Desktop Vulnerable to writing files to the host file system",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003450"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-095"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…