This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote VMware ESXi / ESX host is missing a security-related patch.
a. VMware LGTOSYNC privilege escalation.
VMware ESX, Workstation and Fusion contain a vulnerability
in the handling of control code in lgtosync.sys. A local
malicious user may exploit this vulnerability to manipulate the
memory allocation. This could result in a privilege
escalation on 32-bit Guest Operating Systems running Windows 2000
Server, Windows XP or Windows 2003 Server on ESXi and ESX
Windows XP on Workstation and Fusion.
The vulnerability does not allow for privilege escalation
from the Guest Operating System to the host. This means
that host memory can not be manipulated from the Guest
VMware would like to thank Derek Soeder of Cylance, Inc. for
reporting this issue to us.
The Common Vulnerabilityies and Exposures project (cve.mitre.org)
has assigned the name CVE-2013-3519 to this issue.
See also :
Apply the missing patch.
Risk factor :
High / CVSS Base Score : 7.9
CVSS Temporal Score : 6.9
Public Exploit Available : false
Family: VMware ESX Local Security Checks
Nessus Plugin ID: 71214 ()
Bugtraq ID: 64075
CVE ID: CVE-2013-3519
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.