
VMware ESX / ESXi Tools Folder Incorrect ACL Privilege Escalation (VMSA-2012-0007) (remote check)


The remote ESX/ESXi host is missing a security-related patch. It is, therefore, affected by a privilege escalation vulnerability due to the use of an incorrect Access Control List (ACL) for the VMware Tools folder. An adjacent attacker can exploit this to gain elevated privileges on Windows-based guest operating systems.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin registration: when the engine loads the script with `description`
# set, only the metadata below is recorded and the script exits before any
# check runs.
if (description)
{
  script_id(89108);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # Vulnerability identifiers tied to VMSA-2012-0007.
  script_cve_id("CVE-2012-1518");
  script_bugtraq_id(53006);
  script_xref(name:"VMSA", value:"2012-0007");

  script_name(english:"VMware ESX / ESXi Tools Folder Incorrect ACL Privilege Escalation  (VMSA-2012-0007) (remote check)");
  script_summary(english:"Checks the remote ESX/ESXi host's version and build number.");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESXi / ESX host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote ESX/ESXi host is missing a security-related patch. It is,
therefore, affected by a privilege escalation vulnerability due to the
use of an incorrect Access Control List (ACL) for the VMware Tools
folder. An adjacent attacker can exploit this to gain elevated
privileges on Windows-based guest operating systems.");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2012-0007.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
  # CVSSv2: adjacent-network vector, low complexity, no auth, complete C/I/A impact.
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/03");

  # Remote, unauthenticated version/build check against both ESX and ESXi.
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");

  # Must follow every script_set_attribute() call above.
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"Misc.");

  # The version/release/port KB keys consumed below are populated by the
  # vSphere detection plugin; without them the check has nothing to compare.
  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Pull what the detection plugin stored; any missing key ends the scan of
# this host for this plugin (get_kb_item_or_exit audits out).
ver  = get_kb_item_or_exit("Host/VMware/version");
rel  = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");

# Generic label used only if the product/version cannot be parsed.
esx = "ESX/ESXi";

# Split the version string into product ("ESX" or "ESXi") and "major.minor".
extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
if (isnull(extract)) audit(AUDIT_UNKNOWN_APP_VER, esx);

# audit() does not return, so from here on both captures are present.
esx = extract[1];
ver = extract[2];

product = "VMware " + esx;

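# Fixed build numbers for VMSA-2012-0007, keyed by "<product> <major.minor>".
# A version with no entry here is treated as not covered by the advisory
# (the later `if (!fix)` check audits it out as not affected).
fixes = make_array(
  "ESX 3.5",  604481,
  "ESXi 3.5", 604481,
  "ESX 4.0",  660575,
  "ESXi 4.0", 660575,
  "ESX 4.1",  582267,
  "ESXi 4.1", 582267,
  "ESXi 5.0", 623860
);

# Security-only patch builds that also carry the fix. The later comparison
# accepts these only on an exact build match, so a host on such a build
# is reported as patched even though it is below the full fix build.
sec_only_builds = make_array(
  "ESXi 5.0", 608089
);

# Look up both builds for the detected product/version. Indexing a NASL
# array with an absent key yields NULL, so no prior reset to NULL is needed.
key = esx + ' ' + ver;
fix = fixes[key];
sec_fix = sec_only_builds[key];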

# The release string is expected to end in "build-<number>"; without a
# recognisable build there is nothing to compare against.
bmatch = eregmatch(pattern:'^VMware ESXi?.*build-([0-9]+)$', string:rel);
if (empty_or_null(bmatch)) audit(AUDIT_UNKNOWN_BUILD, product, ver);
build = int(bmatch[1]);

# No fixed build on record for this version: not covered by the advisory.
if (!fix) audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);

# Affected only when the installed build predates the full fix build and
# is not the security-only patch build (exact match).
vuln = (build < fix && build != sec_fix);
if (!vuln) audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);

# Show both fixed builds when a security-only build exists for this version.
fix_label = fix;
if (sec_fix) fix_label = fix_label + " / " + sec_fix;

# Keep the report columns aligned for the 3- and 4-character product names.
ver_label = ' version     : ';
if ("ESXi" >< esx) ver_label = ' version    : ';

report =
  '\n  ' + esx + ver_label + ver +
  '\n  Installed build : ' + build +
  '\n  Fixed build     : ' + fix_label +
  '\n';
security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);