VMSA-2017-0006 : VMware ESXi, Workstation and Fusion updates address critical and moderate security issues

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi host is missing one or more security-related
patches.

Description :

a. ESXi, Workstation, Fusion SVGA memory corruption

ESXi, Workstation, and Fusion have a heap buffer overflow and
uninitialized stack memory usage in SVGA. These issues may allow
a guest to execute code on the host.

VMware would like to thank ZDI and Team 360 Security from Qihoo for
reporting these issues to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifiers CVE-2017-4902 (heap issue) and
CVE-2017-4903 (stack issue) to these issues.

Note: ESXi 6.0 is affected by CVE-2017-4903 but not by CVE-2017-4902.

b. ESXi, Workstation, Fusion XHCI uninitialized memory usage

The ESXi, Workstation, and Fusion XHCI controller has uninitialized
memory usage. This issue may allow a guest to execute code on
the host. The issue is reduced to a Denial of Service of the guest
on ESXi 5.5.

VMware would like to thank ZDI and Team Sniper from Tencent Security
for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4904 to this issue.

c. ESXi, Workstation, Fusion uninitialized memory usage

ESXi, Workstation, and Fusion have uninitialized memory usage. This
issue may lead to an information leak.

VMware would like to thank ZDI and Team Sniper from Tencent Security
for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4905 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2017/000373.html

Solution :

Apply the missing patches.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 99102

CVE ID: CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905
