Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

VMware Fusion 6.x < 6.0.3 Windows 8.1 Guest Privilege Escalation (VMSA-2014-0005)

🗓️ 02 Jun 2014 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 30 Views

VMware Fusion 6.x < 6.0.3 Windows 8.1 Guest Privilege Escalation (VMSA-2014-0005). Vulnerability in VMware Fusion version 6.x prior to 6.0.3 allows privilege escalation via kernel NULL dereference in VMware tools on Windows 8.1 guest hosts

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2014-3793
31 May 201410:00
cve
Cvelist		CVE-2014-3793
31 May 201410:00
cvelist
EUVD		EUVD-2014-3732
7 Oct 202500:30
euvd
NVD		CVE-2014-3793
31 May 201411:17
nvd
OpenVAS		VMSA-2014-0005: VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation
2 Jun 201400:00
openvas
OpenVAS		VMSA-2014-0005: VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation
2 Jun 201400:00
openvas
OpenVAS		VMware ESXi patches address a guest privilege escalation (VMSA-2014-0005)
2 Jun 201400:00
openvas
OpenVAS		VMware ESXi patches address a guest privilege escalation (VMSA-2014-0005) - Remote Version Check
2 Jun 201400:00
openvas
Prion		Null pointer dereference
31 May 201411:17
prion
securityvulns		NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation
2 Jun 201400:00
securityvulns
Rows per page
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74263);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id("CVE-2014-3793");
  script_bugtraq_id(67737);
  script_xref(name:"VMSA", value:"2014-0005");

  script_name(english:"VMware Fusion 6.x < 6.0.3 Windows 8.1 Guest Privilege Escalation (VMSA-2014-0005)");
  script_summary(english:"Checks Fusion version");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a virtualization application that is affected by a
privilege escalation vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of VMware Fusion installed on the remote Mac OS X host is
version 6.x prior to 6.0.3. It is, therefore, reportedly affected by a
privilege escalation vulnerability.

A kernel NULL dereference flaw exists in VMware tools on Windows 8.1
guest hosts. An attacker could escalate his privileges on the guest
host.

Note that successful exploitation of the vulnerability does not allow
privilege escalation from the guest host to the host system.");
  # https://www.vmware.com/support/fusion6/doc/fusion-603-release-notes.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bd08e50e");
  script_set_attribute(attribute:"solution", value:
"Upgrade to VMware Fusion 6.0.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3793");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_fusion_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "MacOSX/Fusion/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

get_kb_item_or_exit("Host/local_checks_enabled");

os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

version = get_kb_item_or_exit("MacOSX/Fusion/Version");
path = get_kb_item_or_exit("MacOSX/Fusion/Path");

fixed_version = '6.0.3';
if (
  version =~ "^6\." &&
  ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1
)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fixed_version + '\n';
    security_warning(port:0, extra:report);
  }
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Fusion", version, path);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Nov 2019 00:00Current
5.6Medium risk
Vulners AI Score5.6
CVSS 25.8
EPSS0.00193
vmware fusionprivilege escalationvmsa-2014-0005windows 8.1vulnerability
30