VMware Workstation 9.x < 9.0.3 Multiple Privilege Escalation Vulnerabilities (VMSA-2013-0013 / VMSA-2013-0014)

high Nessus Plugin ID 71054

Synopsis

The remote host contains software with known, local privilege escalation vulnerabilities.

Description

The installed version of VMware Workstation 9.x is prior to 9.0.3. It is, therefore, affected by multiple local privilege escalation vulnerabilities :

- An issue exists in the handling of shared libraries that could allow a local, malicious user to escalate privileges on Linux hosts. (CVE-2013-5972 / VMSA-2013-0013)

- An issue exists in the handling of the LGTOSYNC.SYS driver on Windows hosts that could allow a local, malicious user to escalate privileges on 32-bit Guest Operating Systems running Windows XP. Note that by exploiting this issue, a local attacker could elevate his privileges only on the Guest Operating System and not on the host. (CVE-2013-3519 / VMSA-2013-0014)

Solution

Update to VMware Workstation 9.0.3 or later.

See Also

https://www.vmware.com/security/advisories/VMSA-2013-0013.html

https://www.vmware.com/security/advisories/VMSA-2013-0014.html

Plugin Details

Severity: High

ID: 71054

File Name: vmware_workstation_linux_9_0_3.nasl

Version: 1.11

Type: local

Agent: unix

Family: General

Published: 11/22/2013

Updated: 9/21/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 5.8

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-3519

Vulnerability Information

CPE: cpe:/a:vmware:workstation

Required KB Items: Host/VMware Workstation/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 11/14/2013

Vulnerability Publication Date: 11/14/2013

Reference Information

CVE: CVE-2013-3519, CVE-2013-5972

BID: 63739, 64075