ESXi 5.5 < Build 1474526 File Descriptors Privilege Escalation (remote check)

This script is (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi 5.5 host is affected by a privilege escalation
vulnerability.

Description :

The remote VMware ESXi 5.5 host is affected by an error in the
handling of certain Virtual Machine file descriptors. This could allow
an unprivileged user with the 'Add Existing Disk' privilege to obtain
read and write access to arbitrary files, possibly leading to
arbitrary code execution after a host reboot.

See also :

http://kb.vmware.com/kb/2063795

Solution :

Apply ESXi550-201312101-SG.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 71774 ()

Bugtraq ID: 64491

CVE ID: CVE-2013-5973