CVE-2014-3793 - Local Privilege Escalation vulnerability in Multiple VMware Products

CVSS 5.8 - MEDIUM
Attack vector: ADJACENT_NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. Per http://cwe.mitre.org/data/definitions/476.html, the weakness is classified as "CWE-476: NULL Pointer Dereference".

Nessus

  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FUSION_VMSA_2014_0005.NASL
    description: The version of VMware Fusion installed on the remote Mac OS X host is version 6.x prior to 6.0.3. It is, therefore, reportedly affected by a privilege escalation vulnerability. A kernel NULL dereference flaw exists in VMware tools on Windows 8.1 guest hosts. An attacker could escalate his privileges on the guest host. Note that successful exploitation of the vulnerability does not allow privilege escalation from the guest host to the host system.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74263
    published: 2014-06-02
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74263
    title: VMware Fusion 6.x < 6.0.3 Windows 8.1 Guest Privilege Escalation (VMSA-2014-0005)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74263);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id("CVE-2014-3793");
      script_bugtraq_id(67737);
      script_xref(name:"VMSA", value:"2014-0005");
    
      script_name(english:"VMware Fusion 6.x < 6.0.3 Windows 8.1 Guest Privilege Escalation (VMSA-2014-0005)");
      script_summary(english:"Checks Fusion version");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has a virtualization application that is affected by a
    privilege escalation vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of VMware Fusion installed on the remote Mac OS X host is
    version 6.x prior to 6.0.3. It is, therefore, reportedly affected by a
    privilege escalation vulnerability.
    
    A kernel NULL dereference flaw exists in VMware tools on Windows 8.1
    guest hosts. An attacker could escalate his privileges on the guest
    host.
    
    Note that successful exploitation of the vulnerability does not allow
    privilege escalation from the guest host to the host system.");
      # https://www.vmware.com/support/fusion6/doc/fusion-603-release-notes.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bd08e50e");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to VMware Fusion 6.0.3 or later.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3793");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_fusion_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "MacOSX/Fusion/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("Host/local_checks_enabled");
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    version = get_kb_item_or_exit("MacOSX/Fusion/Version");
    path = get_kb_item_or_exit("MacOSX/Fusion/Path");
    
    fixed_version = '6.0.3';
    if (
      version =~ "^6\." &&
      ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1
    )
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version + '\n';
        security_warning(port:0, extra:report);
      }
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Fusion", version, path);
    
  • NASL family: General
    NASL id: VMWARE_WORKSTATION_LINUX_VMSA_2014_0005.NASL
    description: The version of VMware Workstation installed on the remote host is version 10.x prior to 10.0.2. It is, therefore, reportedly affected by a privilege escalation vulnerability. A kernel NULL dereference flaw exists in VMware tools on Windows 8.1 guest hosts. An attacker could escalate his privileges on the guest host. Note that successful exploitation of the vulnerability does not allow privilege escalation from the guest host to the host system.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74266
    published: 2014-06-02
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74266
    title: VMware Workstation 10.x < 10.0.2 Windows 8.1 Guest Privilege Escalation (VMSA-2014-0005) (Linux)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74266);
      script_version("1.6");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id("CVE-2014-3793");
      script_bugtraq_id(67737);
      script_xref(name:"VMSA", value:"2014-0005");
    
      script_name(english:"VMware Workstation 10.x < 10.0.2 Windows 8.1 Guest Privilege Escalation (VMSA-2014-0005) (Linux)");
      script_summary(english:"Checks VMware Workstation version");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has a virtualization application that is affected by a
    privilege escalation vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of VMware Workstation installed on the remote host is
    version 10.x prior to 10.0.2. It is, therefore, reportedly affected by
    a privilege escalation vulnerability.
    
    A kernel NULL dereference flaw exists in VMware tools on Windows 8.1
    guest hosts. An attacker could escalate his privileges on the guest
    host.
    
    Note that successful exploitation of the vulnerability does not allow
    privilege escalation from the guest host to the host system.");
      # https://www.vmware.com/support/ws10/doc/workstation-1002-release-notes.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2a48b929");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to VMware Workstation 10.0.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3793");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"General");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("vmware_workstation_linux_installed.nbin");
      script_require_keys("Host/VMware Workstation/Version");
      script_exclude_keys("SMB/Registry/Enumerated");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if (get_kb_item("SMB/Registry/Enumerated")) audit(AUDIT_OS_NOT, "Linux", "Windows");
    
    version = get_kb_item_or_exit("Host/VMware Workstation/Version");
    fixed = '10.0.2';
    
    # 10.x < 10.0.2
    if (
      ver_compare(ver:version, fix:'10.0.0', strict:FALSE) >= 0 &&
      ver_compare(ver:version, fix:fixed, strict:FALSE) == -1
    )
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed +
          '\n';
        security_warning(port:0, extra:report);
      }
      else security_warning(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "VMware Workstation", version);
    
  • NASL family: Misc.
    NASL id: VMWARE_VMSA-2014-0005_REMOTE.NASL
    description: The remote VMware ESXi host is affected by a privilege escalation vulnerability due to a NULL pointer dereference flaw in VMware Tools running on Microsoft Windows 8.1. An attacker on an adjacent network can exploit this issue to gain elevated privileges within the guest operating system or else cause the guest operating system to crash.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87677
    published: 2015-12-30
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/87677
    title: VMware ESXi Tools Guest OS Privilege Escalation (VMSA-2014-0005)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87677);
      script_version("1.4");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id("CVE-2014-3793");
      script_bugtraq_id(67737);
      script_xref(name:"VMSA", value:"2014-0005");
    
      script_name(english:"VMware ESXi Tools Guest OS Privilege Escalation (VMSA-2014-0005)");
      script_summary(english:"Checks the version and build numbers of the remote host.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESXi host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESXi host is affected by a privilege escalation
    vulnerability due to a NULL pointer dereference flaw in VMware Tools
    running on Microsoft Windows 8.1. An attacker on an adjacent network
    can exploit this issue to gain elevated privileges within the guest
    operating system or else cause the guest operating system to crash.");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2014-0005");
      script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2014/000247.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESXi version 5.0 / 5.1 / 5.5.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/30");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.5");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
    
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");
    port = get_kb_item_or_exit("Host/VMware/vsphere");
    
    if ("ESXi" >!< rel)
      audit(AUDIT_OS_NOT, "VMware ESXi");
    
    esx = "ESXi";
    
    extract = eregmatch(pattern:"^ESXi (\d\.\d).*$", string:ver);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_APP_VER, "VMware ESXi");
    else
      ver = extract[1];
    
    fixes = make_array(
              "5.0", "1749766",
              "5.1", "1743201",
              "5.5", "1623387"
            );
    
    # security-only fixes
    full_fixes = make_array(
                   "5.0", "1851670",
                   "5.1", "1743533"
                 );
    
    fix = FALSE;
    fix = fixes[ver];
    full_fix = FALSE;
    full_fix = full_fixes[ver];
    
    # get the build before checking the fix for the most complete audit trail
    extract = eregmatch(pattern:'^VMware ESXi.* build-([0-9]+)$', string:rel);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", ver);
    
    build = int(extract[1]);
    
    # if there is no fix in the array, fix is FALSE
    if(!fix)
      audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver, build);
    
    if (build < fix)
    {
      # if there is a security fix, check for it now
      if (full_fix)
        fix = fix + " / " + full_fix;
    
      if (report_verbosity > 0)
      {
        report = '\n  Version         : ESXi '  + ver +
                 '\n  Installed build : ' + build +
                 '\n  Fixed build     : ' + fix +
                 '\n';
        security_warning(port:port, extra:report);
      }
      else
        security_warning(port:port);
    
      exit(0);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver, build);
    
  • NASL family: General
    NASL id: VMWARE_PLAYER_LINUX_VMSA_2014_0005.NASL
    description: The installed version of VMware Player 6.x running on the remote Linux host is prior to 6.0.2. It is, therefore, reportedly affected by a privilege escalation vulnerability. A kernel NULL dereference flaw exists in VMware tools on Windows 8.1 guest hosts. An attacker could escalate his privileges on the guest host. Note that successful exploitation of the vulnerability does not allow privilege escalation from the guest host to the host system.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74264
    published: 2014-06-02
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74264
    title: VMware Player 6.x < 6.0.2 Windows 8.1 Guest Privilege Escalation (VMSA-2014-0005) (Linux)
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2014-0005.NASL
    description: a. Guest privilege escalation in VMware Tools. A kernel NULL dereference vulnerability was found in VMware Tools running on Microsoft Windows 8.1. Successful exploitation of this issue could lead to an escalation of privilege in the guest operating system. VMware would like to thank Tavis Ormandy from the Google Security Team for reporting this issue to us. The vulnerability does not allow for privilege escalation from the Guest Operating System to the host. This means that host memory can not be manipulated from the Guest Operating System. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3793 to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74244
    published: 2014-05-30
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/74244
    title: VMSA-2014-0005 : VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation
  • NASL family: Windows
    NASL id: VMWARE_PLAYER_PRIV_ESC_VMSA_2014-0005.NASL
    description: The installed version of VMware Player 6.x running on the remote Windows host is prior to 6.0.2. It is, therefore, reportedly affected by a privilege escalation vulnerability. A kernel NULL dereference flaw exists in VMware tools on Windows 8.1 guest hosts. An attacker could escalate his privileges on the guest host. Note that successful exploitation of the vulnerability does not allow privilege escalation from the guest host to the host system.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74265
    published: 2014-06-02
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74265
    title: VMware Player 6.x < 6.0.2 Windows 8.1 Guest Privilege Escalation (VMSA-2014-0005)
  • NASL family: Windows
    NASL id: VMWARE_WORKSTATION_PRIV_ESC_VMSA_2014_0005.NASL
    description: The version of VMware Workstation installed on the remote host is version 10.x prior to 10.0.2. It is, therefore, reportedly affected by a privilege escalation vulnerability. A kernel NULL dereference flaw exists in VMware tools on Windows 8.1 guest hosts. An attacker could escalate his privileges on the guest host. Note that successful exploitation of the vulnerability does not allow privilege escalation from the guest host to the host system.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74267
    published: 2014-06-02
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74267
    title: VMware Workstation 10.x < 10.0.2 Windows 8.1 Guest Privilege Escalation (VMSA-2014-0005)