VMSA-2012-0007 : VMware hosted products and ESXi/ESX patches address privilege escalation

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing a security-related patch.

Description :

a. VMware Tools Incorrect Folder Permissions Privilege Escalation

The access control list of the VMware Tools folder is incorrectly
set. Exploitation of this issue may lead to local privilege
escalation on Windows-based Guest Operating Systems.

VMware would like to thank Tavis Ormandy for reporting this issue
to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-1518 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2012/000181.html

Solution :

Apply the missing patch.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 58744 ()

Bugtraq ID:

CVE ID: CVE-2012-1518

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial