CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
EPSS
Percentile
99.4%
The remote host is affected by the vulnerability described in GLSA-201209-25 (VMware Player, Server, Workstation: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details.
Impact :
Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information.
A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console.
Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS).
Workaround :
There is no known workaround at this time.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201209-25.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(62383);
script_version("1.26");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2007-5269", "CVE-2007-5503", "CVE-2007-5671", "CVE-2008-0967", "CVE-2008-1340", "CVE-2008-1361", "CVE-2008-1362", "CVE-2008-1363", "CVE-2008-1364", "CVE-2008-1392", "CVE-2008-1447", "CVE-2008-1806", "CVE-2008-1807", "CVE-2008-1808", "CVE-2008-2098", "CVE-2008-2100", "CVE-2008-2101", "CVE-2008-4915", "CVE-2008-4916", "CVE-2008-4917", "CVE-2009-0040", "CVE-2009-0909", "CVE-2009-0910", "CVE-2009-1244", "CVE-2009-2267", "CVE-2009-3707", "CVE-2009-3732", "CVE-2009-3733", "CVE-2009-4811", "CVE-2010-1137", "CVE-2010-1138", "CVE-2010-1139", "CVE-2010-1140", "CVE-2010-1141", "CVE-2010-1142", "CVE-2010-1143", "CVE-2011-3868");
script_bugtraq_id(25956, 26650, 28276, 28289, 29444, 29552, 29557, 29637, 29639, 29640, 29641, 30131, 30937, 32168, 32597, 33827, 33990, 34373, 34471, 36630, 36841, 36842, 39104, 39392, 39394, 39395, 39396, 39397, 39407, 39949, 49942);
script_xref(name:"GLSA", value:"201209-25");
script_xref(name:"IAVA", value:"2008-A-0045");
script_name(english:"GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201209-25
(VMware Player, Server, Workstation: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in VMware Player, Server,
and Workstation. Please review the CVE identifiers referenced below for
details.
Impact :
Local users may be able to gain escalated privileges, cause a Denial of
Service, or gain sensitive information.
A remote attacker could entice a user to open a specially crafted file,
possibly resulting in the remote execution of arbitrary code, or a Denial
of Service. Remote attackers also may be able to spoof DNS traffic, read
arbitrary files, or inject arbitrary web script to the VMware Server
Console.
Furthermore, guest OS users may be able to execute arbitrary code on the
host OS, gain escalated privileges on the guest OS, or cause a Denial of
Service (crash the host OS).
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201209-25"
);
script_set_attribute(
attribute:"solution",
value:
"Gentoo discontinued support for VMware Player. We recommend that users
unmerge VMware Player:
# emerge --unmerge 'app-emulation/vmware-player'
NOTE: Users could upgrade to
“>=app-emulation/vmware-player-3.1.5”, however these packages are
not currently stable.
Gentoo discontinued support for VMware Workstation. We recommend that
users unmerge VMware Workstation:
# emerge --unmerge 'app-emulation/vmware-workstation'
NOTE: Users could upgrade to
“>=app-emulation/vmware-workstation-7.1.5”, however these packages
are not currently stable.
Gentoo discontinued support for VMware Server. We recommend that users
unmerge VMware Server:
# emerge --unmerge 'app-emulation/vmware-server'"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploithub_sku", value:"EH-14-757");
script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
script_set_attribute(attribute:"d2_elliot_name", value:"Vmware Server File Disclosure");
script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
script_cwe_id(16, 20, 22, 94, 119, 134, 189, 200, 264, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vmware-player");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vmware-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vmware-workstation");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/08");
script_set_attribute(attribute:"patch_publication_date", value:"2012/09/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"app-emulation/vmware-server", unaffected:make_list(), vulnerable:make_list("le 1.0.9.156507"))) flag++;
if (qpkg_check(package:"app-emulation/vmware-workstation", unaffected:make_list(), vulnerable:make_list("le 6.5.5.328052"))) flag++;
if (qpkg_check(package:"app-emulation/vmware-player", unaffected:make_list(), vulnerable:make_list("le 2.5.5.328052"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VMware Player / Server / Workstation");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5503
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5671
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1392
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4915
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4916
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4917
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0909
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0910
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1244
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3707
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3732
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3733
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1137
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1138
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1140
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1142
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1143
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3868
security.gentoo.org/glsa/201209-25
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
EPSS
Percentile
99.4%