VMware Local Security Checks : VMware ESXi patches address a guest privilege escalation (VMSA-2014-0005)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.105037

Category: VMware Local Security Checks

Title: VMware ESXi patches address a guest privilege escalation (VMSA-2014-0005)

Summary: VMware Workstation, Player, Fusion, and ESXi patches address a; vulnerability in VMware Tools which could result in a privilege escalation on Microsoft Windows 8.1.

Description: Summary:
VMware Workstation, Player, Fusion, and ESXi patches address a
vulnerability in VMware Tools which could result in a privilege escalation on Microsoft Windows 8.1.

Vulnerability Insight:
a. Guest privilege escalation in VMware Tools
A kernel NULL dereference vulnerability was found in VMware Tools
running on Microsoft Windows 8.1. Successful exploitation of this
issue could lead to an escalation of privilege in the guest operating
system.

The vulnerability does not allow for privilege escalation from the
Guest Operating System to the host. This means that host memory can
not be manipulated from the Guest Operating System.

Affected Software/OS:
ESXi 5.5 without patch ESXi550-201403102-SG

ESXi 5.1 without patch ESXi510-201404102-SG

ESXi 5.0 without patch ESXi500-201405102-SG

Solution:
Apply the missing patch(es).

CVSS Score:
5.8

CVSS Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-3793
Bugtraq: 20140530 NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation (Google Search)
http://www.securityfocus.com/archive/1/532236/100/0/threaded
http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html
http://www.securitytracker.com/id/1030310
http://www.securitytracker.com/id/1030311
http://secunia.com/advisories/58894

Copyright Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.105037
Category:	VMware Local Security Checks
Title:	VMware ESXi patches address a guest privilege escalation (VMSA-2014-0005)
Summary:	VMware Workstation, Player, Fusion, and ESXi patches address a; vulnerability in VMware Tools which could result in a privilege escalation on Microsoft Windows 8.1.
Description:	Summary: VMware Workstation, Player, Fusion, and ESXi patches address a vulnerability in VMware Tools which could result in a privilege escalation on Microsoft Windows 8.1. Vulnerability Insight: a. Guest privilege escalation in VMware Tools A kernel NULL dereference vulnerability was found in VMware Tools running on Microsoft Windows 8.1. Successful exploitation of this issue could lead to an escalation of privilege in the guest operating system. The vulnerability does not allow for privilege escalation from the Guest Operating System to the host. This means that host memory can not be manipulated from the Guest Operating System. Affected Software/OS: ESXi 5.5 without patch ESXi550-201403102-SG ESXi 5.1 without patch ESXi510-201404102-SG ESXi 5.0 without patch ESXi500-201405102-SG Solution: Apply the missing patch(es). CVSS Score: 5.8 CVSS Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3793 Bugtraq: 20140530 NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation (Google Search) http://www.securityfocus.com/archive/1/532236/100/0/threaded http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html http://www.securitytracker.com/id/1030310 http://www.securitytracker.com/id/1030311 http://secunia.com/advisories/58894
Copyright	Copyright (C) 2014 Greenbone AG