VMSA-2013-0014 : VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing a security-related patch.

Description :

a. VMware LGTOSYNC privilege escalation.

VMware ESX, Workstation and Fusion contain a vulnerability
in the handling of control code in lgtosync.sys. A local
malicious user may exploit this vulnerability to manipulate the
memory allocation. This could result in a privilege
escalation on 32-bit Guest Operating Systems running Windows 2000
Server, Windows XP or Windows 2003 Server on ESXi and ESX
or
Windows XP on Workstation and Fusion.

The vulnerability does not allow for privilege escalation
from the Guest Operating System to the host. This means
that host memory can not be manipulated from the Guest
Operating System.

VMware would like to thank Derek Soeder of Cylance, Inc. for
reporting this issue to us.

The Common Vulnerabilityies and Exposures project (cve.mitre.org)
has assigned the name CVE-2013-3519 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2013/000226.html

Solution :

Apply the missing patch.

Risk factor :

High / CVSS Base Score : 7.9
(CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 71214 ()

Bugtraq ID: 64075

CVE ID: CVE-2013-3519