Lucene search
Copyright (C) 2013 Greenbone Networks GmbHOPENVAS:1361412562310103863HistoryDec 27, 2013 - 12:00 a.m.
VMware ESXi/ESX unauthorized file access through vCenter Server and ESX (VMSA-2013-0016) - Local Check
2013-12-2700:00:00
Copyright (C) 2013 Greenbone Networks GmbH
plugins.openvas.org
25
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0
Percentile
5.1%
VMware ESXi and ESX unauthorized file access through vCenter
Server and ESX.
# Copyright (C) 2013 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.103863");
script_cve_id("CVE-2013-5973");
script_tag(name:"cvss_base", value:"4.4");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
script_version("2022-09-21T10:12:28+0000");
script_name("VMware ESXi/ESX unauthorized file access through vCenter Server and ESX (VMSA-2013-0016) - Local Check");
script_xref(name:"URL", value:"http://www.vmware.com/security/advisories/VMSA-2013-0016.html");
script_tag(name:"last_modification", value:"2022-09-21 10:12:28 +0000 (Wed, 21 Sep 2022)");
script_tag(name:"creation_date", value:"2013-12-27 10:04:01 +0100 (Fri, 27 Dec 2013)");
script_category(ACT_GATHER_INFO);
script_family("VMware Local Security Checks");
script_copyright("Copyright (C) 2013 Greenbone Networks GmbH");
script_dependencies("gb_vmware_esxi_init.nasl");
script_mandatory_keys("VMware/ESXi/LSC", "VMware/ESX/version");
script_tag(name:"summary", value:"VMware ESXi and ESX unauthorized file access through vCenter
Server and ESX.");
script_tag(name:"vuldetect", value:"Checks if the target host is missing one or more patch(es).");
script_tag(name:"insight", value:"VMware ESXi and ESX contain a vulnerability in the handling of
certain Virtual Machine file descriptors. This issue may allow an unprivileged vCenter Server
user with the privilege 'Add Existing Disk' to obtain read and write access to arbitrary files on
ESXi or ESX. On ESX, an unprivileged local user may obtain read and write access to arbitrary
files. Modifying certain files may allow for code execution after a host reboot.
Unprivileged vCenter Server users or groups that are assigned the predefined role
'Virtual Machine Power User' or 'Resource Pool Administrator' have the privilege
'Add Existing Disk'.
The issue cannot be exploited through VMware vCloud Director.");
script_tag(name:"affected", value:"VMware ESXi 5.5 without patch ESXi550-201312001
VMware ESXi 5.1 without patch ESXi510-201310001
VMware ESXi 5.0 without patch update-from-esxi5.0-5.0_update03
VMware ESXi 4.1 without patch ESXi410-201312001
VMware ESXi 4.0 without patch ESXi400-201310001
VMware ESX 4.1 without patch ESX410-201312001
VMware ESX 4.0 without patch ESX400-201310001");
script_tag(name:"solution", value:"Apply the missing patch(es).
Workaround
A workaround is provided in VMware Knowledge Base article 2066856.
Mitigation
In a default vCenter Server installation no unprivileged users or groups are assigned the
predefined role 'Virtual Machine Power User' or 'Resource Pool Administrator'. Restrict the number
of vCenter Server users that have the privilege 'Add Existing Disk'.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("vmware_esx.inc");
include("version_func.inc");
if(!get_kb_item("VMware/ESXi/LSC"))
exit(0);
if(!esxVersion = get_kb_item("VMware/ESX/version"))
exit(0);
patches = make_array("4.0.0", "ESXi400-201310401-SG",
"4.1.0", "ESXi410-201312401-SG",
"5.0.0", "VIB:esx-base:5.0.0-2.38.1311177",
"5.1.0", "VIB:esx-base:5.1.0-1.19.1312874",
"5.5.0", "VIB:esx-base:5.5.0-0.7.1474526");
if(!patches[esxVersion])
exit(99);
if(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {
security_message(port:0, data:report);
exit(0);
}
exit(99);
Related
openvas
openvas
vmware
vmware
VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
2013-12-22 00:00:00
jvn
jvn
JVN#13154935: VMware ESX and ESXi may allow access to arbitrary files
2013-12-24 00:00:00
securityvulns
securityvulns
VMWare ESX / ESXi privilege escalation
2013-12-24 00:00:00
prion
prion
Design/Logic Flaw
2013-12-23 15:42:00
nvd
nvd
CVE-2013-5973
2013-12-23 15:42:30
nessus
nessus
cvelist
cvelist
CVE-2013-5973
2013-12-23 15:00:00
cve
cve
CVE-2013-5973
2013-12-23 15:42:30
CVSS2
4.4
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0
Percentile
5.1%
Related for OPENVAS:1361412562310103863