VMware Player 6.x < 6.0.2 Windows 8.1 Guest Privilege Escalation (VMSA-2014-0005) (Linux)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains software that is affected by a privilege
escalation vulnerability.

Description :

The installed version of VMware Player 6.x running on the remote Linux
host is prior to 6.0.2. It is, therefore, reportedly affected by a
privilege escalation vulnerability.

A kernel NULL dereference flaw exists in VMware tools on Windows 8.1
guest hosts. An attacker could escalate his privileges on the guest
host.

Note that successful exploitation of the vulnerability does not allow
privilege escalation from the guest host to the host system.

See also :

http://www.nessus.org/u?7df547df

Solution :

Upgrade to VMware Player 6.0.2 or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: General

Nessus Plugin ID: 74264 ()

Bugtraq ID: 67737

CVE ID: CVE-2014-3793