VMSA-2013-0002 : VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing a security-related patch.

Description :

a. VMware VMCI privilege escalation

VMware ESX, Workstation, Fusion, and View contain a
vulnerability in the handling of control code in vmci.sys.
A local malicious user may exploit this vulnerability to
manipulate the memory allocation through the Virtual
Machine Communication Interface (VMCI) code. This could
result in a privilege escalation on Windows-based hosts and
on Windows-based Guest Operating Systems.

The vulnerability does not allow for privilege escalation
from the Guest Operating System to the host (and vice versa).
This means that host memory cannot be manipulated from the
Guest Operating System (and vice versa).

Systems that have VMCI disabled are also affected by this issue.

VMware would like to thank Derek Soeder of Cylance, Inc. and
Kostya Kortchinsky of Microsoft for independently reporting this
issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2013-1406 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2013/000202.html

Solution :

Apply the missing patch.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 64643

Bugtraq ID: 57867

CVE ID: CVE-2013-1406