VMware Player 12.1.x < 12.1.1 Shared Folders (HGFS) Guest DLL Hijacking Arbitrary Code Execution (VMSA-2016-0010) (Linux)

High Nessus Plugin ID 92944

Synopsis

A virtualization application installed on the remote host is affected by an arbitrary code execution vulnerability.

Description

The version of VMware Player installed on the remote host is 12.1.x prior to 12.1.1. It is, therefore, affected by an arbitrary code execution vulnerability in the Shared Folders (HGFS) feature due to improper loading of dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user to open a file on a network share, to inject and execute arbitrary code in the context of the current user.

Solution

Upgrade to VMware Player 12.1.1 or later.

Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate the vulnerability.

See Also

http://www.vmware.com/security/advisories/VMSA-2016-0010.html

Plugin Details

Severity: High

ID: 92944

File Name: vmware_player_linux_vmsa_2016_0010.nasl

Version: $Revision: 1.6 $

Type: local

Family: General

Published: 2016/08/12

Modified: 2016/11/29

Dependencies: 71051

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSSv3

Base Score: 9.6

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:vmware:player

Required KB Items: Host/VMware Player/Version

Excluded KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/08/04

Vulnerability Publication Date: 2016/08/04

Exploitable With

Metasploit (DLL Side Loading Vulnerability in VMware Host Guest Client Redirector)

Reference Information

CVE: CVE-2016-5330

BID: 92323

VMSA: 2016-0010