Search...

VMware ESXi/ESX patches address privilege escalation (VMSA-2012-0007)

2012-04-13T00:00:00

ID OPENVAS:1361412562310103466
Type openvas
Reporter Copyright (C) 2012 Greenbone Networks GmbH
Modified 2019-12-18T00:00:00

Description

The remote ESXi is missing one or more security related Updates from VMSA-2012-0007.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# VMSA-2012-0007 VMware hosted products and ESX patches address privilege escalation
#
# Authors:
# Michael Meyer &lt;michael.meyer@greenbone.net&gt;
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.103466");
  script_cve_id("CVE-2012-1518");
  script_tag(name:"cvss_base", value:"8.3");
  script_tag(name:"cvss_base_vector", value:"AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_version("2019-12-18T11:13:08+0000");
  script_name("VMware ESXi/ESX patches address privilege escalation (VMSA-2012-0007)");
  script_tag(name:"last_modification", value:"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)");
  script_tag(name:"creation_date", value:"2012-04-13 10:53:01 +0100 (Fri, 13 Apr 2012)");
  script_category(ACT_GATHER_INFO);
  script_family("VMware Local Security Checks");
  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
  script_dependencies("gb_vmware_esxi_init.nasl");
  script_mandatory_keys("VMware/ESXi/LSC", "VMware/ESX/version");

  script_xref(name:"URL", value:"http://www.vmware.com/security/advisories/VMSA-2012-0007.html");

  script_tag(name:"solution", value:"Apply the missing patch(es).");

  script_tag(name:"vuldetect", value:"Checks if the target host is missing one or more patch(es).");

  script_tag(name:"summary", value:"The remote ESXi is missing one or more security related Updates from VMSA-2012-0007.");

  script_tag(name:"affected", value:"ESXi 5.0 without patch ESXi500-201203102-SG

  ESXi 4.1 without patch ESXi410-201201402-BG

  ESXi 4.0 without patch ESXi400-201203402-BG

  ESXi 3.5 without patch ESXe350-201203402-T-BG

  ESX 4.1 without patch ESX410-201201401-SG

  ESX 4.0 without patch ESX400-201203401-SG

  ESX 3.5 without patch ESX350-201203402-BG");

  script_tag(name:"insight", value:"VMware hosted products and ESXi/ESX patches address privilege escalation.

  a. VMware Tools Incorrect Folder Permissions Privilege Escalation

  The access control list of the VMware Tools folder is incorrectly set.
  Exploitation of this issue may lead to local privilege escalation on
  Windows-based Guest Operating Systems.");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("vmware_esx.inc");
include("version_func.inc");

if(!get_kb_item("VMware/ESXi/LSC"))
  exit(0);

if(!esxVersion = get_kb_item("VMware/ESX/version"))
  exit(0);

patches = make_array("4.1.0", "ESXi410-201201402-BG",
                     "4.0.0", "ESXi400-201203402-BG",
                     "5.0.0", "VIB:tools-light:5.0.0-0.10.608089");

if(!patches[esxVersion])
  exit(99);

if(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310103466", "type": "openvas", "bulletinFamily": "scanner", "title": "VMware ESXi/ESX patches address privilege escalation (VMSA-2012-0007)", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0007.", "published": "2012-04-13T00:00:00", "modified": "2019-12-18T00:00:00", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103466", "reporter": "Copyright (C) 2012 Greenbone Networks GmbH", "references": ["http://www.vmware.com/security/advisories/VMSA-2012-0007.html"], "cvelist": ["CVE-2012-1518"], "lastseen": "2019-12-19T16:08:41", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1518"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12346", "SECURITYVULNS:DOC:28005"]}, {"type": "nessus", "idList": ["MACOSX_FUSION_4_1_2.NASL", "VMWARE_PLAYER_PRIV_ESC_VMSA_2012_0007.NASL", "VMWARE_VMSA-2012-0007.NASL", "VMWARE_ESXI_5_0_BUILD_608089_REMOTE.NASL", "VMWARE_WORKSTATION_PRIV_ESC_VMSA_2012_0007.NASL", "VMWARE_VMSA-2012-0007_REMOTE.NASL"]}, {"type": "seebug", "idList": ["SSV:60065"]}, {"type": "vmware", "idList": ["VMSA-2012-0007"]}, {"type": "openvas", "idList": ["OPENVAS:103466"]}], "modified": "2019-12-19T16:08:41", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2019-12-19T16:08:41", "rev": 2}, "vulnersScore": 6.5}, "pluginID": "1361412562310103466", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2012-0007 VMware hosted products and ESX patches address privilege escalation\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103466\");\n script_cve_id(\"CVE-2012-1518\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi/ESX patches address privilege escalation (VMSA-2012-0007)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:53:01 +0100 (Fri, 13 Apr 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0007.html\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2012-0007.\");\n\n script_tag(name:\"affected\", value:\"ESXi 5.0 without patch ESXi500-201203102-SG\n\n ESXi 4.1 without patch ESXi410-201201402-BG\n\n ESXi 4.0 without patch ESXi400-201203402-BG\n\n ESXi 3.5 without patch ESXe350-201203402-T-BG\n\n ESX 4.1 without patch ESX410-201201401-SG\n\n ESX 4.0 without patch ESX400-201203401-SG\n\n ESX 3.5 without patch ESX350-201203402-BG\");\n\n script_tag(name:\"insight\", value:\"VMware hosted products and ESXi/ESX patches address privilege escalation.\n\n a. VMware Tools Incorrect Folder Permissions Privilege Escalation\n\n The access control list of the VMware Tools folder is incorrectly set.\n Exploitation of this issue may lead to local privilege escalation on\n Windows-based Guest Operating Systems.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"4.1.0\", \"ESXi410-201201402-BG\",\n \"4.0.0\", \"ESXi400-201203402-BG\",\n \"5.0.0\", \"VIB:tools-light:5.0.0-0.10.608089\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "naslFamily": "VMware Local Security Checks"}

{"cve": [{"lastseen": "2020-10-03T12:06:01", "description": "VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.", "edition": 3, "cvss3": {}, "published": "2012-04-17T21:55:00", "title": "CVE-2012-1518", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1518"], "modified": "2017-12-29T02:29:00", "cpe": ["cpe:/o:vmware:esx:3.5", "cpe:/a:vmware:player:4.0.2", "cpe:/a:vmware:fusion:4.1.1", "cpe:/a:vmware:player:4.0.1", "cpe:/a:vmware:player:4.0", "cpe:/o:vmware:esx:4.1", "cpe:/a:vmware:fusion:4.0", "cpe:/a:vmware:fusion:4.0.1", "cpe:/o:vmware:esxi:3.5", "cpe:/a:vmware:fusion:4.1", "cpe:/o:vmware:esxi:5.0", "cpe:/a:vmware:workstation:8.0", "cpe:/a:vmware:fusion:4.0.2", "cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esxi:4.0", "cpe:/o:vmware:esxi:4.1", "cpe:/a:vmware:workstation:8.0.1"], "id": "CVE-2012-1518", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1518", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:vmware:fusion:4.1:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esx:3.5:update2:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esx:3.5:update3:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*", "cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:4.1:2:*:*:*:*:*:*", "cpe:2.3:o:vmware:esx:3.5:update1:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:4.1:1:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:*", "cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:10:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1518"], "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0007.\n\nSummary\nVMware hosted products and ESXi/ESX patches address privilege escalation.\n\nRelevant releases\n\nWorkstation 8.0.1 and earlier\nPlayer 4.0.1 and earlier\nFusion 4.1.1 and earlier\nESXi 5.0 without patch ESXi500-201203102-SG\nESXi 4.1 without patch ESXi410-201201402-BG\nESXi 4.0 without patch ESXi400-201203402-BG\nESXi 3.5 without patch ESXe350-201203402-T-BG\nESX 4.1 without patch ESX410-201201401-SG\nESX 4.0 without patch ESX400-201203401-SG\nESX 3.5 without patch ESX350-201203402-BG\n \nProblem Description\na. VMware Tools Incorrect Folder Permissions Privilege Escalation\n\nThe access control list of the VMware Tools folder is incorrectly set.\nExploitation of this issue may lead to local privilege escalation on\nWindows-based Guest Operating Systems.\n\nSolution\nApply the missing patch(es).", "modified": "2017-04-20T00:00:00", "published": "2012-04-13T00:00:00", "id": "OPENVAS:103466", "href": "http://plugins.openvas.org/nasl.php?oid=103466", "type": "openvas", "title": "VMSA-2012-0007 VMware hosted products and ESX patches address privilege escalation", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2012-0007.nasl 5988 2017-04-20 09:02:29Z teissa $\n#\n# VMSA-2012-0007 VMware hosted products and ESX patches address privilege escalation\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2012-0007.\n\nSummary\nVMware hosted products and ESXi/ESX patches address privilege escalation.\n\nRelevant releases\n\nWorkstation 8.0.1 and earlier\nPlayer 4.0.1 and earlier\nFusion 4.1.1 and earlier\nESXi 5.0 without patch ESXi500-201203102-SG\nESXi 4.1 without patch ESXi410-201201402-BG\nESXi 4.0 without patch ESXi400-201203402-BG\nESXi 3.5 without patch ESXe350-201203402-T-BG\nESX 4.1 without patch ESX410-201201401-SG\nESX 4.0 without patch ESX400-201203401-SG\nESX 3.5 without patch ESX350-201203402-BG\n \nProblem Description\na. VMware Tools Incorrect Folder Permissions Privilege Escalation\n\nThe access control list of the VMware Tools folder is incorrectly set.\nExploitation of this issue may lead to local privilege escalation on\nWindows-based Guest Operating Systems.\n\nSolution\nApply the missing patch(es).\";\n\n\nif (description)\n{\n script_id(103466);\n script_cve_id(\"CVE-2012-1518\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_version (\"$Revision: 5988 $\");\n script_name(\"VMSA-2012-0007 VMware hosted products and ESX patches address privilege escalation\");\n\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-20 11:02:29 +0200 (Thu, 20 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:53:01 +0100 (Fri, 13 Apr 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.vmware.com/security/advisories/VMSA-2012-0007.html\");\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(! esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"4.1.0\",\"ESXi410-201201402-BG\",\n \"4.0.0\",\"ESXi400-201203402-BG\",\n \"5.0.0\",\"VIB:tools-light:5.0.0-0.10.608089\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2012-1518"], "description": "VMWare Tools folder weak permissions", "edition": 1, "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "SECURITYVULNS:VULN:12346", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12346", "title": "VMWare ESXi / ESX weak permissions", "type": "securityvulns", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2012-1518"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n -----------------------------------------------------------------------\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2012-0007\r\nSynopsis: VMware hosted products and ESXi/ESX patches address\r\n privilege escalation\r\nIssue date: 2012-04-12\r\nUpdated on: 2012-04-12 (initial advisory)\r\nCVE numbers: CVE-2012-1518\r\n -----------------------------------------------------------------------\r\n\r\n1. Summary\r\n\r\n VMware hosted products and ESXi/ESX patches address privilege\r\n escalation.\r\n\r\n2. Relevant releases\r\n\r\n Workstation 8.0.1 and earlier\r\n\r\n Player 4.0.1 and earlier\r\n\r\n Fusion 4.1.1 and earlier\r\n \r\n ESXi 5.0 without patch ESXi500-201203102-SG\r\n ESXi 4.1 without patch ESXi410-201201402-BG\r\n ESXi 4.0 without patch ESXi400-201203402-BG\r\n ESXi 3.5 without patch ESXe350-201203402-T-BG\r\n\r\n ESX 4.1 without patch ESX410-201201401-SG\r\n ESX 4.0 without patch ESX400-201203401-SG\r\n ESX 3.5 without patch ESX350-201203402-BG\r\n\r\n3. Problem Description\r\n\r\n a. VMware Tools Incorrect Folder Permissions Privilege Escalation\r\n\r\n The access control list of the VMware Tools folder is incorrectly\r\n set. Exploitation of this issue may lead to local privilege\r\n escalation on Windows-based Guest Operating Systems.\r\n\r\n VMware would like to thank Tavis Ormandy for reporting this issue\r\n to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the name CVE-2012-1518 to this issue. \r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is\r\n available.\r\n \r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch *\r\n ============= ======== ======= =================\r\n vCenter any Windows not affected\r\n\r\n Workstation 8.x any 8.0.2 or later\r\n\r\n Player 4.x any 4.0.2 or later\r\n\r\n Fusion 4.x Mac OS/X 4.1.2 or later **\r\n\r\n ESXi 5.0 ESXi ESXi500-201203102-SG\r\n ESXi 4.1 ESXi ESXi410-201201402-BG\r\n ESXi 4.0 ESXi ESXi400-201203402-BG\r\n ESXi 3.5 ESXi ESXe350-201203402-T-BG\r\n\r\n ESX 4.1 ESX ESX410-201201401-SG\r\n ESX 4.0 ESX ESX400-201203401-SG\r\n ESX 3.5 ESX ESX350-201203402-BG\r\n \r\n * Notes on updating VMware Guest Tools:\r\n \r\n After the update or patch is applied, VMware Guest Tools must be\r\n updated in any pre-existing Windows-based Guest Operating\r\n System.\r\n\r\n Windows-Based Virtual Machines that have moved to Workstation 8,\r\n Player 4 or Fusion 4 from a lower version of Workstation, Player\r\n or Fusion are affected.\r\n\r\n ** The built-in update feature of Fusion can be used immediately to\r\n upgrade to 4.1.2. The Web download of Fusion 4.1.2 will be\r\n available on 2012-04-14.\r\n \r\n4. Solution\r\n Please review the patch/release notes for your product and\r\n version and verify the checksum of your downloaded file.\r\n\r\n Workstation 8.0.2\r\n -----------------\r\n http://www.vmware.com/go/downloadworkstation\r\n \r\n Release notes:\r\n \r\nhttps://www.vmware.com/support/ws80/doc/releasenotes_workstation_802.html\r\n \r\n VMware Workstation for Windows 32-bit and 64-bit with VMware Tools\r\n md5sum: 912df11644fccac439b6fc5f80af5cdb\r\n sha1sum: 67af885d20a30f6074e2511f89ffff4fee321880\r\n\r\n VMware Workstation for Linux 32-bit with VMware Tools\r\n md5sum: 121b026836091e6d06b09588afbbb4ed\r\n sha1sum: 94c4d04b7b24ae03ead29f17445d576173d40bb4\r\n\r\n VMware Workstation for Linux 64-bit with VMware Tools\r\n md5sum: 0f41ba61117704201cfe99892405e179\r\n sha1sum: 6ad52e8f0768e279639cd41abeda4f9358b40d0f\r\n\r\n Player 4.0.2\r\n -------------\r\n http://www.vmware.com/go/downloadplayer\r\n \r\n Release notes:\r\n https://www.vmware.com/support/player40/doc/releasenotes_player402.html\r\n\r\n VMware Player for Windows 32-bit and 64-bit\r\n md5sum: 8ec9f7cb9556bad9c910a8a9794b3b57\r\n sha1sum: d3613399fc25273ea51ead82ad8bf359f7fda6d1\r\n\r\n VMware Player for Linux 32-bit\r\n md5sum: 9fd4bb474a47d5c538e5e806f91e5a40\r\n sha1sum: a3973dd32a1a39644d30532dc4cb4c6216869415\r\n\r\n VMware Player for Linux 64-bit\r\n md5sum: 5ba343c2c0392970ecceefa8397ac233\r\n sha1sum: d417eb8538660db4ef07271fcc08152a3494bb58\r\n \r\n Fusion 4.1.2\r\n ------------\r\n http://www.vmware.com/go/downloadfusion\r\n\r\n Release Notes:\r\n http://www.vmware.com/support/fusion4/doc/releasenotes_fusion_412.html\r\n \r\n VMware Fusion (for Intel-based Macs)\r\n md5sum: 1a40b9792306cbf4664dd72ac79baecf\r\n sha1sum: e4a9c6d60887ea8ff0fc7e770c4922cc7004b3e9\r\n\r\n ESXi and ESX\r\n ------------\r\n http://downloads.vmware.com/go/selfsupport-download\r\n\r\n ESXi 5.0\r\n --------\r\n update-from-esxi5.0-5.0_update01\r\n md5sum: 55c25bd990e2881462bc5b66fb5f6c39\r\n sha1sum: ecd871bb09b649c6c8c13de82d579d4b7dcadc88\r\n http://kb.vmware.com/kb/2010823\r\n\r\n update-from-esxi5.0-5.0_update01 contains ESXi500-201203102-SG\r\n\r\n ESXi 4.1\r\n --------\r\n ESXi410-201201001\r\n md5sum: bdf86f10a973346e26c9c2cd4c424e88\r\n sha1sum: cc0b92869a9aae4f5e0e5b81bee109bcd7da780f\r\n http://kb.vmware.com/kb/2009144\r\n\r\n ESXi410-201201001 contains ESXi410-201201402-BG\r\n\r\n ESXi 4.0\r\n --------\r\n ESXi400-201203001\r\n md5sum: 8054b2e7c9cd024e492ac5c1fb9c1e72\r\n sha1sum: 6150fee114d70603ccae399f42b905a6b1a7f3e1\r\n http://kb.vmware.com/kb/2011768\r\n\r\n ESXi400-201203001 contains ESXi400-201203402-BG\r\n\r\n ESXi 3.5\r\n --------\r\n ESXe350-201203401-O-SG\r\n md5sum: 44124458684d6d1b957b4e39cbe97d77\r\n sha1sum: 2255311bc6c27e127e075040eb1f98649b5ce8be\r\n http://kb.vmware.com/kb/2009161\r\n\r\n ESXe350-201203401-O-SG contains ESXe350-201203402-T-BG\r\n\r\n ESX 4.1\r\n -------\r\n ESX410-201201001\r\n md5sum: 16df9acd3e74bcabc2494bc23ad0927f\r\n sha1sum: 1066ae1436e1a75ba3d541ab65296cfb9ab7a5cc\r\n http://kb.vmware.com/kb/2009080\r\n\r\n ESX410-201201001 contains ESX410-201201401-SG\r\n\r\n ESX 4.0\r\n -------\r\n ESX400-201203001\r\n md5sum: 02b7e883e8b438b83bf5e53a1be71ad3\r\n sha1sum: 34734a8edba225a332731205ee2d6575ad9e1c88\r\n http://kb.vmware.com/kb/2011767\r\n\r\n ESX400-201203001 contains ESX400-201203401-SG\r\n\r\n ESX 3.5\r\n -------\r\n ESX350-201203402-BG\r\n md5sum: d10cf5d4790a5750cdc6702da29bfdbd\r\n sha1sum: 10f4800205cd2ecf695ff15eb142a0c8ed98665c\r\n http://kb.vmware.com/kb/2009156\r\n\r\n5. References\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1518\r\n\r\n -----------------------------------------------------------------------\r\n\r\n6. Change log\r\n\r\n 2012-04-12 VMSA-2012-0007\r\n Initial security advisory in conjunction with the release of\r\n Fusion 4.1.2 on 2012-04-12.\r\n\r\n -----------------------------------------------------------------------\r\n\r\n7. Contact\r\n\r\nE-mail list for product security notifications and announcements:\r\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\nThis Security Advisory is posted to the following lists:\r\n\r\n * security-announce at lists.vmware.com\r\n * bugtraq at securityfocus.com\r\n * full-disclosure at lists.grok.org.uk\r\n\r\nE-mail: security at vmware.com\r\nPGP key at: http://kb.vmware.com/kb/1055\r\n\r\nVMware Security Advisories\r\nhttp://www.vmware.com/security/advisories\r\n\r\nVMware security response policy\r\nhttp://www.vmware.com/support/policies/security_response.html\r\n\r\nGeneral support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos.html\r\n\r\nVMware Infrastructure support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos_vi.html\r\n\r\nCopyright 2012 VMware Inc. All rights reserved.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: PGP Desktop 9.8.3 (Build 4028)\r\nCharset: utf-8\r\n\r\nwj8DBQFPh22mDEcm8Vbi9kMRAhRkAJsGR10K+e+1x5T1sMkRW03EXLyqUgCdHN9z\r\nlhahaQ5SUsxYoodfIi3nJGw=\r\n=n5jJ\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "SECURITYVULNS:DOC:28005", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28005", "title": "VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation", "type": "securityvulns", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:52:39", "description": "BUGTRAQ ID: 53006\r\nCVE ID: CVE-2012-1518\r\n\r\nVMware\u662f\u4e00\u4e2a\u201c\u865a\u62dfPC\u201d\u8f6f\u4ef6\uff0c\u5b83\u4f7f\u4f60\u53ef\u4ee5\u5728\u4e00\u53f0\u673a\u5668\u4e0a\u540c\u65f6\u8fd0\u884c\u4e8c\u4e2a\u6216\u66f4\u591aWindows\u3001DOS\u3001LINUX\u7cfb\u7edf\u3002\r\n\r\n\u591a\u4e2aVMware\u4ea7\u54c1\u5728\u5b9e\u73b0\u4e2d\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u53ef\u88ab\u6076\u610f\u7528\u6237\u5229\u7528\u4ee5\u63d0\u5347\u7684\u6743\u9650\u5728Windows\u5ba2\u6237\u7aef\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nVMWare VMWare Workstation 8.0.1\r\nVMWare Player 4.0.1\r\nVMWare Fusion 4.1.1\r\nVMWare ESX 4.1\r\nVMWare ESX 4.0\r\nVMWare ESX 3.5\r\nVMWare ESXi 5.0\r\nVMWare ESXi 4.1\r\nVMWare ESXi 4.0\r\nVMWare ESXi 3.5\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nVMWare\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.vmware.com/security/", "published": "2012-04-16T00:00:00", "type": "seebug", "title": "VMware\u591a\u4e2a\u4ea7\u54c1\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-1518"], "modified": "2012-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60065", "id": "SSV:60065", "sourceData": "", "sourceHref": "", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-01T07:00:23", "description": "The VMware Workstation installation detected on the remote host is\n8.x earlier than 8.0.2 and thus is potentially affected by a local \nprivilege escalation vulnerability because the access control list of\nthe VMware Tools folder is incorrectly set.\n\nBy exploiting this issue, a local attacker could elevate his privileges\non Windows-based Guest Operating Systems.", "edition": 23, "published": "2012-04-19T00:00:00", "title": "VMware Products Local Privilege Escalation (VMSA-2012-0007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1518"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:vmware:workstation"], "id": "VMWARE_WORKSTATION_PRIV_ESC_VMSA_2012_0007.NASL", "href": "https://www.tenable.com/plugins/nessus/58794", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(58794);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2012-1518\");\n script_bugtraq_id(53006);\n script_xref(name:\"VMSA\", value:\"2012-0007\");\n\n script_name(english:\"VMware Products Local Privilege Escalation (VMSA-2012-0007)\");\n script_summary(english:\"Checks vulnerable versions of VMware products\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization application affected by a local\nprivilege escalation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The VMware Workstation installation detected on the remote host is\n8.x earlier than 8.0.2 and thus is potentially affected by a local \nprivilege escalation vulnerability because the access control list of\nthe VMware Tools folder is incorrectly set.\n\nBy exploiting this issue, a local attacker could elevate his privileges\non Windows-based Guest Operating Systems.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0007.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2012/000172.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Workstation 8.0.2 or later.\n\nIn addition to patching, VMware Tools must be updated on all non-\nWindows guest VMs in order to completely mitigate the\nvulnerability.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_workstation_detect.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"VMware/Workstation/Version\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"audit.inc\");\n\n\nversion = get_kb_item_or_exit(\"VMware/Workstation/Version\");\nfix = '8.0.2';\n\nif (version =~ '^8\\\\.' && ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n port = kb_smb_transport();\n if (report_verbosity > 0)\n {\n report += \n '\\n Installed version : '+version+\n '\\n Fixed version : ' + fix + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware Workstation\", version);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T07:00:06", "description": "The VMware Player installation detected on the remote host is 4.0.x\nearlier than 4.0.2 and thus is potentially affected by a local\nprivilege escalation vulnerability because the access control list of\nthe VMware Tools folder is incorrectly set. \n\nBy exploiting this issue, a local attacker could elevate his\nprivileges on Windows-based Guest Operating Systems.", "edition": 23, "published": "2012-04-19T00:00:00", "title": "VMware Player Local Privilege Escalation (VMSA-2012-0007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1518"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:vmware:player"], "id": "VMWARE_PLAYER_PRIV_ESC_VMSA_2012_0007.NASL", "href": "https://www.tenable.com/plugins/nessus/58793", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(58793);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2012-1518\");\n script_bugtraq_id(53006);\n script_xref(name:\"VMSA\", value:\"2012-0007\");\n\n script_name(english:\"VMware Player Local Privilege Escalation (VMSA-2012-0007)\");\n script_summary(english:\"Checks vulnerable versions of VMware products\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization application affected by a local\nprivilege escalation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The VMware Player installation detected on the remote host is 4.0.x\nearlier than 4.0.2 and thus is potentially affected by a local\nprivilege escalation vulnerability because the access control list of\nthe VMware Tools folder is incorrectly set. \n\nBy exploiting this issue, a local attacker could elevate his\nprivileges on Windows-based Guest Operating Systems.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0007.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2012/000172.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Player 4.0.2 or later. \n\nIn addition to patching, VMware Tools must be updated on all non-\nWindows guest VMs in order to completely mitigate the\nvulnerability.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_player_detect.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"VMware/Player/Version\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"audit.inc\");\n\n\nversion = get_kb_item_or_exit(\"VMware/Player/Version\");\nfix = '4.0.2';\n\nif (version =~ '^4\\\\.' && ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n port = kb_smb_transport();\n\n if (report_verbosity > 0) \n {\n report +=\n '\\n Installed version : '+version+\n '\\n Fixed version : ' + fix + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware Player\", version);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:30:03", "description": "The version of VMware Fusion 4.x installed on the Mac OS X host is\nearlier than 4.1.2. As such, it is reportedly affected by a local\nprivilege escalation vulnerability because the access control list of\nthe VMware Tools folder is incorrectly set.\n\nBy exploiting this issue, a local attacker could elevate his privileges\non Windows-based Guest Operating Systems.", "edition": 23, "published": "2012-04-19T00:00:00", "title": "VMware Fusion 4.x < 4.1.2 (VMSA-2012-0007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1518"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:vmware:fusion"], "id": "MACOSX_FUSION_4_1_2.NASL", "href": "https://www.tenable.com/plugins/nessus/58792", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(58792);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2012-1518\");\n script_bugtraq_id(53006);\n script_xref(name:\"VMSA\", value:\"2012-0007\");\n\n script_name(english:\"VMware Fusion 4.x < 4.1.2 (VMSA-2012-0007)\");\n script_summary(english:\"Checks version of Fusion\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization application affected by a local\nprivilege escalation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Fusion 4.x installed on the Mac OS X host is\nearlier than 4.1.2. As such, it is reportedly affected by a local\nprivilege escalation vulnerability because the access control list of\nthe VMware Tools folder is incorrectly set.\n\nBy exploiting this issue, a local attacker could elevate his privileges\non Windows-based Guest Operating Systems.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0007.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2012/000172.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Fusion 4.1.2 or later. \n\nIn addition to patching, VMware Tools must be updated on all Windows\nguest VMs in order to completely mitigate the vulnerability.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:fusion\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_fusion_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"MacOSX/Fusion/Version\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Fusion/Version\");\nfixed_version = \"4.1.2\";\n\nif (version =~ '^4\\\\.' && ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Installed version : ' + version + \n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware Fusion\", version);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T15:21:12", "description": "a. VMware Tools Incorrect Folder Permissions Privilege Escalation\n\n The access control list of the VMware Tools folder is incorrectly\n set. Exploitation of this issue may lead to local privilege\n escalation on Windows-based Guest Operating Systems.\n\n VMware would like to thank Tavis Ormandy for reporting this issue\n to us.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-1518 to this issue.", "edition": 25, "published": "2012-04-13T00:00:00", "title": "VMSA-2012-0007 : VMware hosted products and ESXi/ESX patches address privilege escalation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1518"], "modified": "2012-04-13T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:5.0", "cpe:/o:vmware:esx:4.0"], "id": "VMWARE_VMSA-2012-0007.NASL", "href": "https://www.tenable.com/plugins/nessus/58744", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2012-0007. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58744);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1518\");\n script_xref(name:\"VMSA\", value:\"2012-0007\");\n\n script_name(english:\"VMSA-2012-0007 : VMware hosted products and ESXi/ESX patches address privilege escalation\");\n script_summary(english:\"Checks esxupdate output for the patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote VMware ESXi / ESX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. VMware Tools Incorrect Folder Permissions Privilege Escalation\n\n The access control list of the VMware Tools folder is incorrectly\n set. Exploitation of this issue may lead to local privilege\n escalation on Windows-based Guest Operating Systems.\n\n VMware would like to thank Tavis Ormandy for reporting this issue\n to us.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2012-1518 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2012/000181.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2012-04-12\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201203401-SG\",\n patch_updates : make_list(\"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201201401-SG\",\n patch_updates : make_list(\"ESX410-201204401-SG\", \"ESX410-201205401-SG\", \"ESX410-201206401-SG\", \"ESX410-201208101-SG\", \"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\", \"ESX410-Update03\")\n )\n) flag++;\n\nif (esx_check(ver:\"ESXi 5.0\", vib:\"VMware:tools-light:5.0.0-0.10.608089\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T15:21:12", "description": "The remote ESX/ESXi host is missing a security-related patch. It is,\ntherefore, affected by a privilege escalation vulnerability due to the\nuse of an incorrect Access Control List (ACL) for the VMware Tools\nfolder. An adjacent attacker can exploit this to gain elevated\nprivileges on Windows-based guest operating systems.", "edition": 24, "published": "2016-03-03T00:00:00", "title": "VMware ESX / ESXi Tools Folder Incorrect ACL Privilege Escalation (VMSA-2012-0007) (remote check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1518"], "modified": "2016-03-03T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2012-0007_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89108", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89108);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1518\");\n script_bugtraq_id(53006);\n script_xref(name:\"VMSA\", value:\"2012-0007\");\n\n script_name(english:\"VMware ESX / ESXi Tools Folder Incorrect ACL Privilege Escalation (VMSA-2012-0007) (remote check)\");\n script_summary(english:\"Checks the remote ESX/ESXi host's version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi / ESX host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote ESX/ESXi host is missing a security-related patch. It is,\ntherefore, affected by a privilege escalation vulnerability due to the\nuse of an incorrect Access Control List (ACL) for the VMware Tools\nfolder. An adjacent attacker can exploit this to gain elevated\nprivileges on Windows-based guest operating systems.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0007.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nesx = \"ESX/ESXi\";\n\nextract = eregmatch(pattern:\"^(ESXi?) (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, esx);\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\nproduct = \"VMware \" + esx;\n\n# fix builds\nfixes = make_array(\n \"ESX 3.5\", 604481,\n \"ESXi 3.5\", 604481,\n \"ESX 4.0\", 660575,\n \"ESXi 4.0\", 660575,\n \"ESX 4.1\", 582267,\n \"ESXi 4.1\", 582267,\n \"ESXi 5.0\", 623860\n);\n\n# security-only fix builds\nsec_only_builds = make_array(\n \"ESXi 5.0\", 608089\n);\n\nkey = esx + ' ' + ver;\nfix = NULL;\nfix = fixes[key];\nsec_fix = NULL;\nsec_fix = sec_only_builds[key];\n\nbmatch = eregmatch(pattern:'^VMware ESXi?.*build-([0-9]+)$', string:rel);\nif (empty_or_null(bmatch))\n audit(AUDIT_UNKNOWN_BUILD, product, ver);\n\nbuild = int(bmatch[1]);\n\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n\nif (build < fix && build != sec_fix)\n{\n # if there is a security fix\n if (sec_fix)\n fix = fix + \" / \" + sec_fix;\n\n # properly spaced label\n if (\"ESXi\" >< esx) ver_label = ' version : ';\n else ver_label = ' version : ';\n report = '\\n ' + esx + ver_label + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:59:49", "description": "The remote VMware ESXi 5.0 host is affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n big2_toUtf8() function in file lib/xmltok.c in the\n libexpat library. A remote attacker can exploit this,\n via an XML document having malformed UTF-8 sequences, to\n cause a buffer over-read, thus crashing the application.\n (CVE-2009-3560)\n\n - A denial of service vulnerability exists in the\n updatePosition() function in file lib/xmltok.c in the\n libexpat library. A remote attacker can exploit this,\n via an XML document having malformed UTF-8 sequences, to\n cause a buffer over-read, thus crashing the application.\n (CVE-2009-3720)\n\n - An integer overflow condition exists in the\n BZ2_decompress() function in file decompress.c in the\n bzip2 and libbzip2 library. A remote attacker can\n exploit this, via a crafted compressed file, to cause\n a denial of service or the execution of arbitrary code.\n (CVE-2010-0405)\n\n - A denial of service vulnerability exists in the audioop\n module due to multiple integer overflows conditions in\n file audioop.c. A remote attacker can exploit this, via\n a large fragment or argument, to cause a buffer\n overflow, resulting in an application crash.\n (CVE-2010-1634)\n\n - A denial of service vulnerability exists in the audioop\n module due to a failure to verify the relationships\n between size arguments and byte string length. A remote\n attacker can exploit this, via crafted arguments, to\n cause memory corruption, resulting in an application\n crash. (CVE-2010-2089)\n\n - A flaw exists in the urllib and urllib2 modules due to\n processing Location headers that specify redirection to\n a file. A remote attacker can exploit this, via a\n crafted URL, to gain sensitive information or cause a\n denial of service. (CVE-2011-1521)\n\n - A privilege escalation vulnerability exists due to an\n incorrect ACL being used for the VMware Tools folder. An\n attacker on an adjacent network with access to a guest\n operating system can exploit this to gain elevated\n privileges on the guest operating system.\n (CVE-2012-1518)", "edition": 25, "published": "2013-11-13T00:00:00", "title": "ESXi 5.0 < Build 608089 Multiple Vulnerabilities (remote check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1521", "CVE-2012-1518", "CVE-2010-2089", "CVE-2010-0405", "CVE-2009-3720", "CVE-2010-1634", "CVE-2009-3560"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.0"], "id": "VMWARE_ESXI_5_0_BUILD_608089_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/70881", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70881);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\n \"CVE-2009-3560\",\n \"CVE-2009-3720\",\n \"CVE-2010-0405\",\n \"CVE-2010-1634\",\n \"CVE-2010-2089\",\n \"CVE-2011-1521\",\n \"CVE-2012-1518\"\n );\n script_bugtraq_id(\n 36097,\n 37203,\n 40370,\n 40863,\n 43331,\n 47024,\n 53006\n );\n script_xref(name:\"VMSA\", value:\"2012-0001\");\n script_xref(name:\"IAVB\", value:\"2010-B-0083\");\n script_xref(name:\"VMSA\", value:\"2012-0005\");\n script_xref(name:\"VMSA\", value:\"2012-0007\");\n script_xref(name:\"EDB-ID\", value:\"34145\");\n\n script_name(english:\"ESXi 5.0 < Build 608089 Multiple Vulnerabilities (remote check)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.0 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi 5.0 host is affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n big2_toUtf8() function in file lib/xmltok.c in the\n libexpat library. A remote attacker can exploit this,\n via an XML document having malformed UTF-8 sequences, to\n cause a buffer over-read, thus crashing the application.\n (CVE-2009-3560)\n\n - A denial of service vulnerability exists in the\n updatePosition() function in file lib/xmltok.c in the\n libexpat library. A remote attacker can exploit this,\n via an XML document having malformed UTF-8 sequences, to\n cause a buffer over-read, thus crashing the application.\n (CVE-2009-3720)\n\n - An integer overflow condition exists in the\n BZ2_decompress() function in file decompress.c in the\n bzip2 and libbzip2 library. A remote attacker can\n exploit this, via a crafted compressed file, to cause\n a denial of service or the execution of arbitrary code.\n (CVE-2010-0405)\n\n - A denial of service vulnerability exists in the audioop\n module due to multiple integer overflows conditions in\n file audioop.c. A remote attacker can exploit this, via\n a large fragment or argument, to cause a buffer\n overflow, resulting in an application crash.\n (CVE-2010-1634)\n\n - A denial of service vulnerability exists in the audioop\n module due to a failure to verify the relationships\n between size arguments and byte string length. A remote\n attacker can exploit this, via crafted arguments, to\n cause memory corruption, resulting in an application\n crash. (CVE-2010-2089)\n\n - A flaw exists in the urllib and urllib2 modules due to\n processing Location headers that specify redirection to\n a file. A remote attacker can exploit this, via a\n crafted URL, to gain sensitive information or cause a\n denial of service. (CVE-2011-1521)\n\n - A privilege escalation vulnerability exists due to an\n incorrect ACL being used for the VMware Tools folder. An\n attacker on an adjacent network with access to a guest\n operating system can exploit this to gain elevated\n privileges on the guest operating system.\n (CVE-2012-1518)\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2011432\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5e527c97\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0005.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0007.html\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2010823\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f1d92f8f\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2011433\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e044b71b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patches ESXi500-201203102-SG and ESXi500-201203101-SG according\nto the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.0\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.0\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 608089;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse exit(0, \"The host has \"+ver+\" build \"+build+\" and thus is not affected.\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2019-11-06T16:05:39", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1518"], "description": "a. VMware Tools Incorrect Folder Permissions Privilege Escalation \nThe access control list of the VMware Tools folder is incorrectly set. Exploitation of this issue may lead to local privilege escalation on Windows-based Guest Operating Systems. \nVMware would like to thank Tavis Ormandy for reporting this issue to us. \nThe Common Vulnerabilities and Exposures project ([cve.mitre.org](<http://www.cve.mitre.org/>)) has assigned the name CVE-2012-1518 to this issue. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 4, "modified": "2012-06-13T00:00:00", "published": "2012-04-12T00:00:00", "id": "VMSA-2012-0007", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0007.html", "title": "VMware hosted products and ESXi/ESX patches address privilege escalation", "type": "vmware", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}]}