VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation (remote check)

VMware patches address guest privilege escalation on older Windows-based Guest Operating System

Reporter	Title	Published	Views	Family All 18
CVE	CVE-2013-3519	4 Dec 201315:00	–	cve
Cvelist	CVE-2013-3519	4 Dec 201315:00	–	cvelist
EUVD	EUVD-2013-3454	7 Oct 202500:30	–	euvd
Tenable Nessus	VMware Fusion 5.x < 5.0.4 LGTOSYNC.SYS Privilege Escalation (VMSA-2013-0014)	5 Dec 201300:00	–	nessus
Tenable Nessus	ESXi 5.0 < Build 1022489 Multiple Vulnerabilities (remote check)	13 Nov 201300:00	–	nessus
Tenable Nessus	VMware ESX / ESXi Guest OS Local Privilege Escalation (VMSA-2013-0014) (remote check)	4 Mar 201600:00	–	nessus
Tenable Nessus	VMware Player 5.x < 5.0.3 LGTOSYNC.SYS Guest Privilege Escalation (VMSA-2013-0014)	5 Dec 201300:00	–	nessus
Tenable Nessus	VMSA-2013-0014 : VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation	4 Dec 201300:00	–	nessus
Tenable Nessus	VMware Workstation 9.x < 9.0.3 Multiple Privilege Escalation Vulnerabilities (VMSA-2013-0013 / VMSA-2013-0014)	22 Nov 201300:00	–	nessus
NVD	CVE-2013-3519	4 Dec 201318:56	–	nvd

Source	Link
vmware	www.vmware.com/security/advisories/VMSA-2013-0014.html

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_VMSA-2013-0014_remote.nasl 6093 2017-05-10 09:03:18Z teissa $
#
# VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation (remote check)
#
# Authors:
# Michael Meyer <[email protected]>
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_summary = "VMware Workstation, Fusion, ESXi and ESX patches
address a vulnerability in the LGTOSYNC.SYS driver which could result
in a privilege escalation on older Windows-based Guest Operating
Systems. ";

tag_solution = "Apply the missing patch(es).";

tag_affected = "VMware Workstation 9.x prior to version 9.0.3
VMware Player 5.x prior to version 5.0.3
VMware Fusion 5.x prior to version 5.0.4

VMware ESXi 5.1 without patch ESXi510-201304102
VMware ESXi 5.0 without patch ESXi500-201303102
VMware ESXi 4.1 without patch ESXi410-201301402
VMware ESXi 4.0 without patch ESXi400-201305401

VMware ESX 4.1 without patch ESX410-201301401
VMware ESX 4.0 without patch ESX400-201305401";

tag_vuldetect = "Check the build number.";

tag_insight = "a. VMware LGTOSYNC privilege escalation.

VMware ESX, Workstation and Fusion contain a vulnerability in the
handling of control code in lgtosync.sys. A local malicious user may
exploit this vulnerability to manipulate the memory allocation. This
could result in a privilege escalation on 32-bit Guest Operating
Systems running Windows 2000 Server, Windows XP or Windows 2003 Server
on ESXi and ESX; or Windows XP on Workstation and Fusion.

The vulnerability does not allow for privilege escalation from the
Guest Operating System to the host. This means that host memory can
not be manipulated from the Guest Operating System. ";

if (description)
{
 script_id(103850);
 script_cve_id("CVE-2013-3519");
 script_tag(name:"cvss_base", value:"7.9");
 script_tag(name:"cvss_base_vector", value:"AV:A/AC:M/Au:N/C:C/I:C/A:C");
 script_version ("$Revision: 6093 $");
 script_name("VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation (remote check)");


 script_xref(name:"URL", value:"http://www.vmware.com/security/advisories/VMSA-2013-0014.html");

 script_tag(name:"last_modification", value:"$Date: 2017-05-10 11:03:18 +0200 (Wed, 10 May 2017) $");
 script_tag(name:"creation_date", value:"2013-12-04 10:04:01 +0100 (Wed, 04 Dec 2013)");
 script_category(ACT_GATHER_INFO);
 script_family("General");
 script_copyright("This script is Copyright (C) 2013 Greenbone Networks GmbH");
 script_dependencies("gb_vmware_esx_web_detect.nasl");
 script_mandatory_keys("VMware/ESX/build","VMware/ESX/version");

 script_tag(name : "vuldetect" , value : tag_vuldetect);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name : "affected" , value : tag_affected);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");

 exit(0);

}

include("vmware_esx.inc");

if(!esxVersion = get_kb_item("VMware/ESX/version"))exit(0);
if(!esxBuild = get_kb_item("VMware/ESX/build"))exit(0);

fixed_builds = make_array("5.0.0","1022489",
                          "5.1.0","1063671");

if(!fixed_builds[esxVersion])exit(0);

if(int(esxBuild) < int(fixed_builds[esxVersion])) {
  security_message(port:0, data: esxi_remote_report(ver:esxVersion, build: esxBuild, fixed_build: fixed_builds[esxVersion]));
  exit(0);
}  

exit(99);

10 May 2017 00:00Current

1Low risk

Vulners AI Score1

EPSS0.0017