ID VMWARE_WORKSTATION_WIN_VMSA_2018_0022.NASL Type nessus Reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
The version of VMware Workstation installed on the remote Windows
host is 14.x prior to 14.1.3. It is, therefore, missing a security
update that fixes an out-of-bounds write vulnerability.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(111979);
script_version("1.4");
script_cvs_date("Date: 2019/11/04");
script_cve_id("CVE-2018-6973");
script_bugtraq_id(105094);
script_xref(name:"VMSA", value:"2018-0022");
script_name(english:"VMware Workstation 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-0022)");
script_summary(english:"Checks the VMware Workstation version.");
script_set_attribute(attribute:"synopsis", value:
"A virtualization application installed on the remote Windows host is
affected by an out-of-bounds write vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of VMware Workstation installed on the remote Windows
host is 14.x prior to 14.1.3. It is, therefore, missing a security
update that fixes an out-of-bounds write vulnerability.");
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/us/security/advisories/VMSA-2018-0022.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to VMware Workstation version 14.1.3 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6973");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/14");
script_set_attribute(attribute:"patch_publication_date", value:"2018/08/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("vmware_workstation_detect.nasl");
script_require_keys("SMB/Registry/Enumerated", "installed_sw/VMware Workstation");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("install_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/Registry/Enumerated");
appname = 'VMware Workstation';
install = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);
version = install['version'];
path = install['path'];
fix = '';
if (version =~ "^14\.") fix = "14.1.3";
else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);
if (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
report =
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix + '\n';
security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
}
else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);
{"id": "VMWARE_WORKSTATION_WIN_VMSA_2018_0022.NASL", "bulletinFamily": "scanner", "title": "VMware Workstation 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-0022)", "description": "The version of VMware Workstation installed on the remote Windows\nhost is 14.x prior to 14.1.3. It is, therefore, missing a security\nupdate that fixes an out-of-bounds write vulnerability.", "published": "2018-08-20T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/111979", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.vmware.com/us/security/advisories/VMSA-2018-0022.html"], "cvelist": ["CVE-2018-6973"], "type": "nessus", "lastseen": "2021-01-01T07:00:24", "edition": 23, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-6973"]}, {"type": "zdi", "idList": ["ZDI-18-1060"]}, {"type": "nessus", "idList": ["VMWARE_PLAYER_LINUX_VMSA_2018_0022.NASL", "VMWARE_PLAYER_WIN_VMSA_2018_0022.NASL", "VMWARE_WORKSTATION_LINUX_VMSA_2018_0022.NASL", "MACOSX_FUSION_VMSA_2018_0022.NASL"]}, {"type": "vmware", "idList": ["VMSA-2018-0022"]}, {"type": "kaspersky", "idList": ["KLA11304"]}], "modified": "2021-01-01T07:00:24", "rev": 2}, "score": {"value": 7.8, "vector": "NONE", "modified": "2021-01-01T07:00:24", "rev": 2}, "vulnersScore": 7.8}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111979);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\"CVE-2018-6973\");\n script_bugtraq_id(105094);\n script_xref(name:\"VMSA\", value:\"2018-0022\");\n\n script_name(english:\"VMware Workstation 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-0022)\");\n script_summary(english:\"Checks the VMware Workstation version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization application installed on the remote Windows host is\naffected by an out-of-bounds write vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Workstation installed on the remote Windows\nhost is 14.x prior to 14.1.3. It is, therefore, missing a security\nupdate that fixes an out-of-bounds write vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/us/security/advisories/VMSA-2018-0022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Workstation version 14.1.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_workstation_detect.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/VMware Workstation\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\nappname = 'VMware Workstation';\n\ninstall = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\nfix = '';\nif (version =~ \"^14\\.\") fix = \"14.1.3\";\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n\nif (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n", "naslFamily": "Windows", "pluginID": "111979", "cpe": ["cpe:/a:vmware:workstation"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}}
{"cve": [{"lastseen": "2020-12-09T20:25:46", "description": "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.", "edition": 5, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-08-15T12:29:00", "title": "CVE-2018-6973", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-6973"], "modified": "2018-10-15T18:35:00", "cpe": [], "id": "CVE-2018-6973", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6973", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "zdi": [{"lastseen": "2020-06-22T11:40:55", "bulletinFamily": "info", "cvelist": ["CVE-2018-6973"], "description": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the guest system in order to exploit this vulnerability. The specific flaw exists within the handling of the virtualized e1000 device. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the host OS.", "edition": 1, "modified": "2018-06-22T00:00:00", "published": "2018-09-17T00:00:00", "id": "ZDI-18-1060", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-1060/", "title": "VMware Workstation e1000 Buffer Overflow Privilege Escalation Vulnerability", "type": "zdi", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2019-11-06T16:05:20", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6973"], "description": "**Workstation and Fusion e1000 device out-of-bounds write vulnerability** \n \n\n\nVMware Workstation and Fusion contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host. \n\n\nVMware would like to thank Anonymous working with Trend Micro's Zero Day Initiative for reporting this issue to us.\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6973 to this issue. \n\n\n \nColumn 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "edition": 3, "modified": "2018-08-14T00:00:00", "published": "2018-08-14T00:00:00", "id": "VMSA-2018-0022", "href": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html", "title": "VMware Workstation and Fusion updates address an out-of-bounds write issue", "type": "vmware", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T03:30:04", "description": "The version of VMware Fusion installed on the remote macOS or\nMac OS X host is 10.x prior to 10.1.3. It is, therefore, missing a\nsecurity update that fixes an out-of-bounds write vulnerability.", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-08-20T00:00:00", "title": "VMware Fusion 10.x < 10.1.3 Out-of-Bounds Write Vulnerabilities (VMSA-2018-0022) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6973"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:vmware:workstation"], "id": "MACOSX_FUSION_VMSA_2018_0022.NASL", "href": "https://www.tenable.com/plugins/nessus/111977", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111977);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\"CVE-2018-6973\");\n script_bugtraq_id(105094);\n script_xref(name:\"VMSA\", value:\"2018-0022\");\n\n script_name(english:\"VMware Fusion 10.x < 10.1.3 Out-of-Bounds Write Vulnerabilities (VMSA-2018-0022) (macOS)\");\n script_summary(english:\"Checks the VMware Fusion version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization application installed on the remote macOS or Mac OS X\nhost is affected by an out-of-bounds write vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Fusion installed on the remote macOS or\nMac OS X host is 10.x prior to 10.1.3. It is, therefore, missing a\nsecurity update that fixes an out-of-bounds write vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/us/security/advisories/VMSA-2018-0022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Fusion version 10.1.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_fusion_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"installed_sw/VMware Fusion\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\ninstall = get_single_install(app_name:\"VMware Fusion\", exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\nfix = '';\nif (version =~ \"^10\\.\") fix = '10.1.3';\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"VMware Fusion\", version, path);\n\nif (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"VMware Fusion\", version, path);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T07:00:06", "description": "The version of VMware Player installed on the remote Windows host\nis 14.x prior to 14.1.3. It is, therefore, missing a security\nupdate that fixes an out-of-bounds write vulnerability.", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-08-20T00:00:00", "title": "VMware Player 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-022)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6973"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:vmware:workstation"], "id": "VMWARE_PLAYER_WIN_VMSA_2018_0022.NASL", "href": "https://www.tenable.com/plugins/nessus/111978", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111978);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\"CVE-2018-6973\");\n script_bugtraq_id(105094);\n script_xref(name:\"VMSA\", value:\"2018-0022\");\n\n script_name(english:\"VMware Player 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-022)\");\n script_summary(english:\"Checks the VMware Player version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization application installed on the remote Windows host is\naffected by an out-of-bounds write vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Player installed on the remote Windows host\nis 14.x prior to 14.1.3. It is, therefore, missing a security\nupdate that fixes an out-of-bounds write vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/us/security/advisories/VMSA-2018-022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Player version 14.1.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_player_detect.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/VMware Player\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\ninstall = get_single_install(app_name:\"VMware Player\", exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\nfix = '';\nif (version =~ \"^14\\.\") fix = '14.1.3';\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"VMware Player\", version, path);\n\nif (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"VMware Player\", version, path);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T07:00:06", "description": "The version of VMware Player installed on the remote Linux host\nis 14.x prior to 14.1.3. It is, therefore, missing a security\nupdate that fixes an out-of-bounds write vulnerability.", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-08-20T00:00:00", "title": "VMware Player 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-022) (Linux)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6973"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:vmware:workstation"], "id": "VMWARE_PLAYER_LINUX_VMSA_2018_0022.NASL", "href": "https://www.tenable.com/plugins/nessus/111975", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111975);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\"CVE-2018-6973\");\n script_bugtraq_id(105094);\n script_xref(name:\"VMSA\", value:\"2018-0022\");\n\n script_name(english:\"VMware Player 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-022) (Linux)\");\n script_summary(english:\"Checks the VMware Player version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization application installed on the remote Linux host is\naffected by an out-of-bounds write vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Player installed on the remote Linux host\nis 14.x prior to 14.1.3. It is, therefore, missing a security\nupdate that fixes an out-of-bounds write vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/us/security/advisories/VMSA-2018-022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Player version 14.1.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"General\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_player_linux_installed.nbin\");\n script_require_keys(\"Host/VMware Player/Version\");\n script_exclude_keys(\"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (get_kb_item(\"SMB/Registry/Enumerated\")) audit(AUDIT_OS_NOT, \"Linux\", \"Windows\");\n\nversion = get_kb_item_or_exit(\"Host/VMware Player/Version\");\n\nfix = '';\nif (version =~ \"^14\\.\") fix = '14.1.3';\n\nif (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware Player\", version);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-22T10:55:14", "description": "The version of VMware Workstation installed on the remote Linux\nhost is 14.x prior to 14.1.3. It is, therefore, missing a security\nupdate that fixes an out-of-bounds write vulnerability.", "edition": 20, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-08-20T00:00:00", "title": "VMware Workstation 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-0022) (Linux)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6973"], "modified": "2018-08-20T00:00:00", "cpe": ["cpe:/a:vmware:workstation"], "id": "VMWARE_WORKSTATION_LINUX_VMSA_2018_0022.NASL", "href": "https://www.tenable.com/plugins/nessus/111976", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111976);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/21\");\n\n script_cve_id(\"CVE-2018-6973\");\n script_bugtraq_id(105094);\n script_xref(name:\"VMSA\", value:\"2018-0022\");\n\n script_name(english:\"VMware Workstation 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-0022) (Linux)\");\n script_summary(english:\"Checks the VMware Workstation version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization application installed on the remote Linux host is\naffected by an out-of-bounds write vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Workstation installed on the remote Linux\nhost is 14.x prior to 14.1.3. It is, therefore, missing a security\nupdate that fixes an out-of-bounds write vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/us/security/advisories/VMSA-2018-0022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Workstation version 14.1.3 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6973\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"General\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_workstation_linux_installed.nbin\");\n script_require_keys(\"Host/VMware Workstation/Version\");\n script_exclude_keys(\"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (get_kb_item(\"SMB/Registry/Enumerated\")) audit(AUDIT_OS_NOT, \"Linux\", \"Windows\");\n\nversion = get_kb_item_or_exit(\"Host/VMware Workstation/Version\");\n\nfix = '';\nif (version =~ \"^14\\.\") fix = '14.1.3';\n\nif (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware Workstation\", version);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:44:15", "bulletinFamily": "info", "cvelist": ["CVE-2018-3646", "CVE-2018-6974", "CVE-2018-6973"], "description": "### *Detect date*:\n08/14/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities was found in VWware Workstation and Fusion. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and bypass security restrictions.\n\n### *Affected products*:\nVMware Workstation 14.x earlier than 14.1.3 \nVMware Fusion 10.x earlier than 10.1.3\n\n### *Solution*:\nUpdate to the latest version \n[Download Workstation](<https://my.vmware.com/en/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation_pro/14_0>)\n\n### *Original advisories*:\n[VMSA-2018-0020](<https://www.vmware.com/security/advisories/VMSA-2018-0020.html>) \n[VMSA-2018-0022](<https://www.vmware.com/security/advisories/VMSA-2018-0022.html>) \n[VMSA-2018-0026](<https://www.vmware.com/security/advisories/VMSA-2018-0026.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[VMware Workstation](<https://threats.kaspersky.com/en/product/VMware-Workstation/>)\n\n### *CVE-IDS*:\n[CVE-2018-3646](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646>)5.8High \n[CVE-2018-6973](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6973>)8.8Critical \n[CVE-2018-6974](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6974>)0.0Unknown", "edition": 14, "modified": "2020-05-22T00:00:00", "published": "2018-08-14T00:00:00", "id": "KLA11304", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11304", "title": "\r KLA11304Multiple vulnerabilities in VMware products ", "type": "kaspersky", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}
