
Test ID: 1.3.6.1.4.1.25623.1.0.105851
Category: VMware Local Security Checks
Title: VMware ESXi updates address multiple important security issues (VMSA-2016-0010)
Summary: A DLL hijacking vulnerability is present in the VMware Tools 'Shared Folders' (HGFS) feature running on Microsoft Windows.
Description:
Summary:
A DLL hijacking vulnerability is present in the VMware Tools 'Shared Folders' (HGFS)
feature running on Microsoft Windows.

Vulnerability Impact:
Exploitation of this issue may lead to arbitrary code execution with the privileges
of the victim. In order to exploit this issue, the attacker would need write access to a network share and they
would need to entice the local user into opening their document.

Successfully exploiting this issue requires installation of the 'Shared Folders' component (HGFS feature), which does not
get installed in a 'custom/typical' installation of VMware Tools on a Windows VM running on ESXi.

Affected Software/OS:
ESXi 6.0 without patch ESXi600-201603102-SG

ESXi 5.5 without patch ESXi550-201607102-SG

ESXi 5.1 without patch ESXi510-201605102-SG

ESXi 5.0 without patch ESXi500-201606102-SG

Solution:
Apply the missing patch(es).

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Cross reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-5330
BugTraq ID: 92323
http://www.securityfocus.com/bid/92323
Bugtraq: 20160805 DLL side loading vulnerability in VMware Host Guest Client Redirector
http://www.securityfocus.com/archive/1/539131/100/0/threaded
http://www.rapid7.com/db/modules/exploit/windows/misc/vmhgfs_webdav_dll_sideload
https://securify.nl/advisory/SFY20151201/dll_side_loading_vulnerability_in_vmware_host_guest_client_redirector.html
http://www.securitytracker.com/id/1036544
http://www.securitytracker.com/id/1036545
http://www.securitytracker.com/id/1036619
Copyright: Copyright (C) 2016 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.