VMware Workstation 9.x < 9.0.3 Multiple Privilege Escalation Vulnerabilities (VMSA-2013-0013 / VMSA-2013-0014)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains software with known, local privilege
escalation vulnerabilities.

Description :

The installed version of VMware Workstation 9.x is prior to 9.0.3. It
is, therefore, affected by multiple local privilege escalation
vulnerabilities :

- An issue exists in the handling of shared libraries
  that could allow a local, malicious user to escalate
  privileges on Linux hosts. (CVE-2013-5972 /
  VMSA-2013-0013)

- An issue exists in the handling of the LGTOSYNC.SYS
  driver on Windows hosts that could allow a local,
  malicious user to escalate privileges on 32-bit Guest
  Operating Systems running Windows XP. Note that by
  exploiting this issue, a local attacker could elevate
  his privileges only on the Guest Operating System and
  not on the host. (CVE-2013-3519 / VMSA-2013-0014)

See also :

http://www.vmware.com/security/advisories/VMSA-2013-0013.html
http://www.vmware.com/security/advisories/VMSA-2013-0014.html

Solution :

Update to VMware Workstation 9.0.3 or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: General

Nessus Plugin ID: 71054

Bugtraq ID: 63739, 64075

CVE ID: CVE-2013-5972, CVE-2013-3519