Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX

🗓️ 27 Dec 2013 00:00:00Reported by This script is Copyright (C) 2013 Greenbone Networks GmbHType 
openvas
 openvas🔗 plugins.openvas.org👁 21 Views

VMware ESXi and ESX unauthorized file access through vCenter Server and ESX. Vulnerability in file descriptors handling may allow unauthorized access and code execution. Apply missing patches for mitigation

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2013-5973
23 Dec 201315:00
cve
Cvelist		CVE-2013-5973
23 Dec 201315:00
cvelist
EUVD		EUVD-2013-5803
7 Oct 202500:30
euvd
Japan Vulnerability Notes		JVN#13154935: VMware ESX and ESXi may allow access to arbitrary files
24 Dec 201300:00
jvn
Japan Vulnerability Notes		VMware ESX and ESXi may allow access to arbitrary files
24 Dec 201306:02
jvn
NVD		CVE-2013-5973
23 Dec 201315:42
nvd
OpenVAS		VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX (remote check)
27 Dec 201300:00
openvas
OpenVAS		VMware ESXi/ESX unauthorized file access through vCenter Server and ESX (VMSA-2013-0016) - Local Version Check
27 Dec 201300:00
openvas
OpenVAS		VMware ESXi/ESX unauthorized file access through vCenter Server and ESX (VMSA-2013-0016) - Remote Version Check
27 Dec 201300:00
openvas
Prion		Design/Logic Flaw
23 Dec 201315:42
prion
Rows per page
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_VMSA-2013-0016.nasl 6086 2017-05-09 09:03:30Z teissa $
#
# VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
#
# Authors:
# Michael Meyer <[email protected]>
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_summary = "VMware ESXi and ESX unauthorized file access through vCenter Server and ESX";
tag_solution = "Apply the missing patch(es).";

tag_affected = "VMware ESXi 5.5 without patch ESXi550-201312001
VMware ESXi 5.1 without patch ESXi510-201310001
VMware ESXi 5.0 without patch update-from-esxi5.0-5.0_update03
VMware ESXi 4.1 without patch ESXi410-201312001
VMware ESXi 4.0 without patch ESXi400-201310001

VMware ESX 4.1 without patch ESX410-201312001
VMware ESX 4.0 without patch ESX400-201310001";

tag_vuldetect = "Checks for missing patches.";

tag_insight = 'a. VMware ESXi and ESX unauthorized file access through vCenter Server and ESX

VMware ESXi and ESX contain a vulnerability in the handling of certain Virtual
Machine file descriptors. This issue may allow an unprivileged vCenter Server
user with the privilege "Add Existing Disk" to obtain read and write access to
arbitrary files on ESXi or ESX. On ESX, an unprivileged local user may obtain
read and write access to arbitrary files. Modifying certain files may allow
for code execution after a host reboot.

Unpriviledged vCenter Server users or groups that are assigned the predefined
role "Virtual Machine Power User" or "Resource Pool Administrator" have the
privilege "Add Existing Disk".

The issue cannot be exploited through VMware vCloud Director.

Workaround

A workaround is provided in VMware Knowledge Base article 2066856. 

Mitigation

In a default vCenter Server installation no unprivileged users or groups
are assigned the predefined role "Virtual Machine Power User" or "Resource
Pool Administrator".  Restrict the number of vCenter Server users that have
the privilege "Add Existing Disk".';

if (description)
{
 script_id(103863);
 script_cve_id("CVE-2013-5973");
 script_tag(name:"cvss_base", value:"4.4");
 script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
 script_version ("$Revision: 6086 $");
 script_name("VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX");


 script_xref(name:"URL", value:"http://www.vmware.com/security/advisories/VMSA-2013-0016.html");

 script_tag(name:"last_modification", value:"$Date: 2017-05-09 11:03:30 +0200 (Tue, 09 May 2017) $");
 script_tag(name:"creation_date", value:"2013-12-27 10:04:01 +0100 (Fri, 27 Dec 2013)");
 script_category(ACT_GATHER_INFO);
 script_family("VMware Local Security Checks");
 script_copyright("This script is Copyright (C) 2013 Greenbone Networks GmbH");
 script_dependencies("gb_vmware_esxi_init.nasl");
 script_mandatory_keys("VMware/ESXi/LSC","VMware/ESX/version");

 script_tag(name : "vuldetect" , value : tag_vuldetect);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name : "affected" , value : tag_affected);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");

 exit(0);

}

include("vmware_esx.inc");
include("version_func.inc");

if(!get_kb_item('VMware/ESXi/LSC'))exit(0);
if(!esxVersion = get_kb_item("VMware/ESX/version"))exit(0);

patches = make_array("4.0.0","ESXi400-201310401-SG",
                     "4.1.0","ESXi410-201312401-SG",
                     "5.0.0","VIB:esx-base:5.0.0-2.38.1311177",
                     "5.1.0","VIB:esx-base:5.1.0-1.19.1312874",
                     "5.5.0","VIB:esx-base:5.5.0-0.7.1474526");

if(!patches[esxVersion])exit(0);

if(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {

  security_message(port:0);
  exit(0);

}

exit(99);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
09 May 2017 00:00Current
1Low risk
Vulners AI Score1
EPSS0.00033
vmware esxivmware esxunauthorized file accessvcenter servercode executionmissing patches
21