VMware Consolidated Backup (VCB) User Password Information Disclosure Vulnerability

Bugtraq ID:	30937
Class:	Design Error
CVE:	CVE-2008-2101
Remote:	No
Local:	Yes
Published:	Aug 30 2008 12:00AM
Updated:	Oct 01 2012 07:01PM
Credit:	The vendor
Vulnerable:	VMWare ESX Server 3.0.3 VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 VMWare ESX Server 3.5 Gentoo Linux
Not Vulnerable:

VMware Consolidated Backup (VCB) User Password Information Disclosure Vulnerability

VMware Consolidated Backup (VCB) is prone to an information-disclosure vulnerability.

A local attacker can exploit this issue to retrieve the password of the user running VCB.

VMware Consolidated Backup (VCB) User Password Information Disclosure Vulnerability

Attackers can use local commands, such as the 'ps' command, to exploit this issue.

VMware Consolidated Backup (VCB) User Password Information Disclosure Vulnerability

Solution:
The vendor released updates and an advisory. Please see the references for more information.

VMware Consolidated Backup (VCB) User Password Information Disclosure Vulnerability

References:

• VMware Homepage (VMware)