Detections
Analytics

VMSA-2012-0007 : VMware hosted products and ESXi/ESX patches address privilege escalation

high Nessus Plugin ID 58744

Language:

Synopsis

The remote VMware ESXi / ESX host is missing a security-related patch.

Description

a. VMware Tools Incorrect Folder Permissions Privilege Escalation

 The access control list of the VMware Tools folder is incorrectly set. Exploitation of this issue may lead to local privilege escalation on Windows-based Guest Operating Systems.

 VMware would like to thank Tavis Ormandy for reporting this issue to us.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1518 to this issue.

Solution

Apply the missing patch.

See Also

http://lists.vmware.com/pipermail/security-announce/2012/000181.html

Plugin Details

Severity: High

ID: 58744

File Name: vmware_VMSA-2012-0007.nasl

Version: 1.22

Type: local

Published: 4/13/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.5

CVSS v2

Risk Factor: High

Base Score: 8.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:4.0, cpe:/o:vmware:esx:4.1, cpe:/o:vmware:esxi:5.0

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/12/2012

Exploitable With

CANVAS (White_Phosphorus)

Reference Information

CVE: CVE-2012-1518

VMSA: 2012-0007