ID de Prueba:	1.3.6.1.4.1.25623.1.0.103851
Categoría:	VMware Local Security Checks
Título:	VMware ESXi/ESX patches a guest privilege escalation (VMSA-2013-0014)
Resumen:	VMware Workstation, Fusion, ESXi and ESX patches; address a vulnerability in the LGTOSYNC.SYS driver which could result; in a privilege escalation on older Windows-based Guest Operating Systems.
Descripción:	Summary: VMware Workstation, Fusion, ESXi and ESX patches address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems. Vulnerability Insight: a. VMware LGTOSYNC privilege escalation. VMware ESX, Workstation and Fusion contain a vulnerability in the handling of control code in lgtosync.sys. A local malicious user may exploit this vulnerability to manipulate the memory allocation. This could result in a privilege escalation on 32-bit Guest Operating Systems running Windows 2000 Server, Windows XP or Windows 2003 Server on ESXi and ESX, or Windows XP on Workstation and Fusion. The vulnerability does not allow for privilege escalation from the Guest Operating System to the host. This means that host memory can not be manipulated from the Guest Operating System. Affected Software/OS: VMware ESXi 5.1 without patch ESXi510-201304102 VMware ESXi 5.0 without patch ESXi500-201303102 VMware ESXi 4.1 without patch ESXi410-201301402 VMware ESXi 4.0 without patch ESXi400-201305401 VMware ESX 4.1 without patch ESX410-201301401 VMware ESX 4.0 without patch ESX400-201305401 Solution: Apply the missing patch(es). CVSS Score: 7.9 CVSS Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-3519
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.