
VMSA-2012-0007 : VMware hosted products and ESXi/ESX patches address privilege escalation


a. VMware Tools Incorrect Folder Permissions Privilege Escalation

The access control list (ACL) on the VMware Tools folder is set incorrectly. A local user of a Windows-based guest operating system may be able to exploit this to escalate privileges within that guest.

VMware would like to thank Tavis Ormandy for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1518 to this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from VMware Security Advisory 2012-0007. 
# The text itself is copyright (C) VMware Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin registration: metadata only, executed when Nessus loads the plugin
# with `description` set.  No checks run here; the detection logic follows
# after the second include group below.
if (description)
{
  script_id(58744);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2012-1518");
  script_xref(name:"VMSA", value:"2012-0007");

  script_name(english:"VMSA-2012-0007 : VMware hosted products and ESXi/ESX patches address privilege escalation");
  script_summary(english:"Checks esxupdate output for the patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote VMware ESXi / ESX host is missing a security-related patch."
  );
  # Description text is taken verbatim from the advisory; the vulnerable
  # component is VMware Tools inside a Windows guest, while this plugin only
  # inspects the host's package inventory (see the checks below).
  script_set_attribute(
    attribute:"description", 
    value:
"a. VMware Tools Incorrect Folder Permissions Privilege Escalation

   The access control list of the VMware Tools folder is incorrectly
   set. Exploitation of this issue may lead to local privilege
   escalation on Windows-based Guest Operating Systems.

   VMware would like to thank Tavis Ormandy for reporting this issue
   to us.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2012-1518 to this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.vmware.com/pipermail/security-announce/2012/000181.html"
  );
  # The solution is generic; applying the host patch refreshes the bundled
  # Tools package, but guests still have to upgrade VMware Tools to pick
  # up the corrected folder ACL.
  script_set_attribute(attribute:"solution", value:"Apply the missing patch.");
  # NOTE(review): AV:A with C:C/I:C/A:C is a strong vector for what the
  # advisory describes as a local privilege escalation inside a guest OS;
  # confirm against the advisory / NVD before using this score for
  # prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  # Public exploit availability is asserted via the Immunity CANVAS
  # White_Phosphorus pack; keep these four attributes in sync.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');

  # Local (credentialed, SSH) check; only host-side products are tagged.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"VMware ESX Local Security Checks");

  # Depends on ssh_get_info.nasl having populated the Host/VMware/* KB keys.
  # The "ports" named here are KB keys, not TCP ports: the plugin is only
  # scheduled when at least one of the two package inventories exists.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
  script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");

  exit(0);
}


include("audit.inc");
include("vmware_esx_packages.inc");


# Preconditions: local (credentialed) checks must be enabled, the target must
# have been fingerprinted as ESX/ESXi, and at least one package inventory
# (esxcli VIB list or esxupdate output) must be present.  Each audit() call
# exits the plugin with the matching status.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
if (!(get_kb_item("Host/VMware/esxcli_software_vibs") || get_kb_item("Host/VMware/esxupdate")))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Patch release date for the advisory; used by the esx_check helpers.
init_esx_check(date:"2012-04-12");

# Later roll-up bundles that supersede the original fix.  Any one of them
# present on the host satisfies the corresponding check.
esx40_supersedes = make_list(
  "ESX400-201205401-SG", "ESX400-201206401-SG", "ESX400-201209401-SG",
  "ESX400-201302401-SG", "ESX400-201305401-SG", "ESX400-201310401-SG",
  "ESX400-201404401-SG"
);
esx41_supersedes = make_list(
  "ESX410-201204401-SG", "ESX410-201205401-SG", "ESX410-201206401-SG",
  "ESX410-201208101-SG", "ESX410-201211401-SG", "ESX410-201301401-SG",
  "ESX410-201304401-SG", "ESX410-201307401-SG", "ESX410-201312401-SG",
  "ESX410-201404401-SG", "ESX410-Update03"
);

# Count of version-specific checks that found the fix missing.
affected = 0;

if (esx_check(ver:"ESX 4.0", patch:"ESX400-201203401-SG", patch_updates:esx40_supersedes)) affected++;
if (esx_check(ver:"ESX 4.1", patch:"ESX410-201201401-SG", patch_updates:esx41_supersedes)) affected++;
# On ESXi 5.0 VMware Tools is delivered as the tools-light VIB, so the
# comparison is against the fixed VIB build rather than a patch bundle.
if (esx_check(ver:"ESXi 5.0", vib:"VMware:tools-light:5.0.0-0.10.608089")) affected++;

# NOTE(review): the verdict is based solely on the host's package inventory.
# Windows guests that have not upgraded VMware Tools after the host was
# patched are outside the scope of this check.
if (!affected) audit(AUDIT_HOST_NOT, "affected");

if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
else security_hole(0);
exit(0);