Lucene search
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.VMWARE_VMSA-2014-0005_REMOTE.NASLHistoryDec 30, 2015 - 12:00 a.m.
VMware ESXi Tools Guest OS Privilege Escalation (VMSA-2014-0005)
2015-12-3000:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
67
The remote VMware ESXi host is affected by a privilege escalation vulnerability due to a NULL pointer dereference flaw in VMware Tools running on Microsoft Windows 8.1. An attacker on an adjacent network can exploit this issue to gain elevated privileges within the guest operating system or else cause the guest operating system to crash.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(87677);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2014-3793");
script_bugtraq_id(67737);
script_xref(name:"VMSA", value:"2014-0005");
script_name(english:"VMware ESXi Tools Guest OS Privilege Escalation (VMSA-2014-0005)");
script_summary(english:"Checks the version and build numbers of the remote host.");
script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESXi host is missing a security-related patch.");
script_set_attribute(attribute:"description", value:
"The remote VMware ESXi host is affected by a privilege escalation
vulnerability due to a NULL pointer dereference flaw in VMware Tools
running on Microsoft Windows 8.1. An attacker on an adjacent network
can exploit this issue to gain elevated privileges within the guest
operating system or else cause the guest operating system to crash.");
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2014-0005");
script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2014/000247.html");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESXi version 5.0 / 5.1 / 5.5.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/29");
script_set_attribute(attribute:"patch_publication_date", value:"2014/05/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/30");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.5");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
script_dependencies("vmware_vsphere_detect.nbin");
script_require_keys("Host/VMware/version", "Host/VMware/release");
script_require_ports("Host/VMware/vsphere");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
ver = get_kb_item_or_exit("Host/VMware/version");
rel = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");
if ("ESXi" >!< rel)
audit(AUDIT_OS_NOT, "VMware ESXi");
esx = "ESXi";
extract = eregmatch(pattern:"^ESXi (\d\.\d).*$", string:ver);
if (isnull(extract))
audit(AUDIT_UNKNOWN_APP_VER, "VMware ESXi");
else
ver = extract[1];
fixes = make_array(
"5.0", "1749766",
"5.1", "1743201",
"5.5", "1623387"
);
# security-only fixes
full_fixes = make_array(
"5.0", "1851670",
"5.1", "1743533"
);
fix = FALSE;
fix = fixes[ver];
full_fix = FALSE;
full_fix = full_fixes[ver];
# get the build before checking the fix for the most complete audit trail
extract = eregmatch(pattern:'^VMware ESXi.* build-([0-9]+)$', string:rel);
if (isnull(extract))
audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", ver);
build = int(extract[1]);
# if there is no fix in the array, fix is FALSE
if(!fix)
audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver, build);
if (build < fix)
{
# if there is a security fix, check for it now
if (full_fix)
fix = fix + " / " + full_fix;
if (report_verbosity > 0)
{
report = '\n Version : ESXi ' + ver +
'\n Installed build : ' + build +
'\n Fixed build : ' + fix +
'\n';
security_warning(port:port, extra:report);
}
else
security_warning(port:port);
exit(0);
}
else
audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver, build);
Related
openvas
openvas
VMSA-2014-0005: VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation
2014-06-02 00:00:00
VMware ESXi patches address a guest privilege escalation (VMSA-2014-0005) - Remote Version Check
2014-06-02 00:00:00
VMware ESXi patches address a guest privilege escalation (VMSA-2014-0005)
2014-06-02 00:00:00
prion
prion
Null pointer dereference
2014-05-31 11:17:00
nessus
nessus
securityvulns
securityvulns
VMWare privilege escalation
2014-06-02 00:00:00
ubuntucve
ubuntucve
CVE-2014-3793
2014-05-31 00:00:00
cvelist
cvelist
CVE-2014-3793
2014-05-31 10:00:00
vmware
vmware
cve
cve
CVE-2014-3793
2014-05-31 11:17:00
Related for VMWARE_VMSA-2014-0005_REMOTE.NASL