Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.103851
Kategorie:VMware Local Security Checks
Titel:VMware ESXi/ESX patches a guest privilege escalation (VMSA-2013-0014)
Zusammenfassung:VMware Workstation, Fusion, ESXi and ESX patches; address a vulnerability in the LGTOSYNC.SYS driver which could result; in a privilege escalation on older Windows-based Guest Operating Systems.
Beschreibung:Summary:
VMware Workstation, Fusion, ESXi and ESX patches
address a vulnerability in the LGTOSYNC.SYS driver which could result
in a privilege escalation on older Windows-based Guest Operating Systems.

Vulnerability Insight:
a. VMware LGTOSYNC privilege escalation.

VMware ESX, Workstation and Fusion contain a vulnerability in the
handling of control code in lgtosync.sys. A local malicious user may
exploit this vulnerability to manipulate the memory allocation. This
could result in a privilege escalation on 32-bit Guest Operating
Systems running Windows 2000 Server, Windows XP or Windows 2003 Server
on ESXi and ESX, or Windows XP on Workstation and Fusion.

The vulnerability does not allow for privilege escalation from the
Guest Operating System to the host. This means that host memory can
not be manipulated from the Guest Operating System.

Affected Software/OS:
VMware ESXi 5.1 without patch ESXi510-201304102

VMware ESXi 5.0 without patch ESXi500-201303102

VMware ESXi 4.1 without patch ESXi410-201301402

VMware ESXi 4.0 without patch ESXi400-201305401

VMware ESX 4.1 without patch ESX410-201301401

VMware ESX 4.0 without patch ESX400-201305401

Solution:
Apply the missing patch(es).

CVSS Score:
7.9

CVSS Vector:
AV:A/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-3519
CopyrightCopyright (C) 2013 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.