VMSA-2008-0018 : VMware Hosted products and patches for ESX and ESXi resolve two security issues

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing a security-related patch.

Description :

a. A privilege escalation on 32-bit and 64-bit guest operating systems

VMware products emulate hardware functions and make it
possible to run guest operating systems.

A flaw in the CPU hardware emulation might allow the virtual CPU to
incorrectly handle the Trap flag. Exploitation of this flaw might
lead to a privilege escalation on guest operating systems. An
attacker needs a user account on the guest operating system and
the ability to run applications.

VMware would like to thank Derek Soeder for discovering
this issue and working with us on its remediation.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4915 to this issue.

b. Directory traversal vulnerability

VirtualCenter allows administrators to have fine-grained privileges.
A directory traversal vulnerability might allow administrators to
increase these privileges. In order to leverage this flaw, the
administrator would need to have the Datastore.FileManagement
privilege.

VMware would like to thank Michel Toussaint for reporting this issue
to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4281 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2008/000042.html

Solution :

Apply the missing patch.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 40385

Bugtraq ID: 32168, 32172

CVE ID: CVE-2008-4281, CVE-2008-4915