Vulnerabilities > CVE-2015-6933 - Improper Access Control vulnerability in VMWare products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 | |
| OS | 7 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Embedding Scripts within Scripts An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
- Signature Spoofing by Key Theft An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Misc. NASL id VMWARE_ESXI_5_5_BUILD_3248547_REMOTE.NASL description The remote VMware ESXi 5.5 host is prior to build 3248547. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 87942 published 2016-01-15 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87942 title ESXi 5.5 < Build 3248547 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87942); script_version("1.12"); script_cvs_date("Date: 2019/11/22"); script_cve_id("CVE-2015-6933"); script_xref(name:"VMSA", value:"2016-0001"); script_name(english:"ESXi 5.5 < Build 3248547 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)"); script_summary(english:"Checks the ESXi version and build number."); script_set_attribute(attribute:"synopsis", value: "The remote VMware ESXi 5.5 host is affected by a guest privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "The remote VMware ESXi 5.5 host is prior to build 3248547. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges."); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html"); # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2135796 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2d367021"); # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2135410 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5310f417"); script_set_attribute(attribute:"solution", value: "Apply patch ESXi550-201512102-SG according to the vendor advisory. Note that VMware Tools in any Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate the vulnerability."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/15"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.5"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_vsphere_detect.nbin"); script_require_keys("Host/VMware/version", "Host/VMware/release"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit("Host/VMware/version"); rel = get_kb_item_or_exit("Host/VMware/release"); if ("ESXi" >!< rel) audit(AUDIT_OS_NOT, "ESXi"); if ("VMware ESXi 5.5" >!< rel) audit(AUDIT_OS_NOT, "ESXi 5.5"); match = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel); if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", "5.5"); build = int(match[1]); fixed_build = 3248547; security_only_build = 3247226; if (build < fixed_build && build != security_only_build) { if (report_verbosity > 0) { report = '\n ESXi version : ' + ver + '\n Installed build : ' + build + '\n Fixed build : ' + fixed_build + '\n'; security_warning(port:0, extra:report); } else security_warning(0); } else audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver - "ESXi " + " build " + build);NASL family General NASL id VMWARE_WORKSTATION_LINUX_VMSA_2016_0001.NASL description The version of VMware Workstation installed on the remote host is 11.x prior to 11.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 87927 published 2016-01-14 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87927 title VMware Workstation 11.x < 11.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (Linux) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87927); script_version("1.7"); script_cvs_date("Date: 2019/11/22"); script_cve_id("CVE-2015-6933"); script_xref(name:"VMSA", value:"2016-0001"); script_name(english:"VMware Workstation 11.x < 11.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (Linux)"); script_summary(english:"Checks VMware Workstation version."); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote host is affected by a guest privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "The version of VMware Workstation installed on the remote host is 11.x prior to 11.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges."); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Workstation 11.1.2 or later. Note that VMware Tools in any Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate the vulnerability."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"General"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_workstation_linux_installed.nbin"); script_require_keys("Host/VMware Workstation/Version"); script_exclude_keys("SMB/Registry/Enumerated"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (get_kb_item("SMB/Registry/Enumerated")) audit(AUDIT_OS_NOT, "Linux", "Windows"); version = get_kb_item_or_exit("Host/VMware Workstation/Version"); fixed = '11.1.2'; # 11.x < 11.1.2 if ( ver_compare(ver:version, fix:'11.0.0', strict:FALSE) >= 0 && ver_compare(ver:version, fix:fixed, strict:FALSE) == -1 ) { if (report_verbosity > 0) { report += '\n Installed version : ' + version + '\n Fixed version : ' + fixed + '\n'; security_warning(port:0, extra:report); } else security_warning(0); } else audit(AUDIT_INST_VER_NOT_VULN, "VMware Workstation", version);NASL family Windows NASL id VMWARE_PLAYER_PRIV_ESC_VMSA_2016_0001.NASL description The version of VMware Player installed on the remote host is 7.x prior to 7.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 87926 published 2016-01-14 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87926 title VMware Player 7.x < 7.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87926); script_version("1.7"); script_cvs_date("Date: 2019/11/22"); script_cve_id("CVE-2015-6933"); script_xref(name:"VMSA", value:"2016-0001"); script_name(english:"VMware Player 7.x < 7.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001)"); script_summary(english:"Checks the VMware Player version."); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote host is affected by a guest privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "The version of VMware Player installed on the remote host is 7.x prior to 7.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges."); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Player 7.1.2 or later. Note that VMware Tools in any Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate the vulnerability."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:player"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_player_detect.nasl"); script_require_keys("SMB/Registry/Enumerated", "VMware/Player/Path", "VMware/Player/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/Registry/Enumerated"); version = get_kb_item_or_exit("VMware/Player/Version"); path = get_kb_item_or_exit("VMware/Player/Path"); fix = ''; if (version =~ "^7\.") fix = '7.1.2'; if (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) == -1) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report += '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_warning(port:port, extra:report); } else security_warning(port); } else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Player", version, path);NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2016-0001.NASL description Important Windows-based guest privilege escalation in VMware Tools A kernel memory corruption vulnerability is present in the VMware Tools last seen 2020-06-01 modified 2020-06-02 plugin id 87889 published 2016-01-13 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87889 title VMSA-2016-0001 : VMware ESXi, Workstation, Player, and Fusion updates address important guest privilege escalation vulnerability code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory 2016-0001. # The text itself is copyright (C) VMware Inc. # include("compat.inc"); if (description) { script_id(87889); script_version("1.16"); script_cvs_date("Date: 2019/09/26 15:14:18"); script_cve_id("CVE-2015-6933"); script_xref(name:"VMSA", value:"2016-0001"); script_name(english:"VMSA-2016-0001 : VMware ESXi, Workstation, Player, and Fusion updates address important guest privilege escalation vulnerability"); script_summary(english:"Checks esxupdate output for the patch"); script_set_attribute( attribute:"synopsis", value:"The remote VMware ESXi host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Important Windows-based guest privilege escalation in VMware Tools A kernel memory corruption vulnerability is present in the VMware Tools 'Shared Folders' (HGFS) feature running on Microsoft Windows. Successful exploitation of this issue could lead to an escalation of privilege in the guest operating system. VMware would like to thank Dmitry Janushkevich from the Secunia Research Team for reporting this issue to us. Note: This vulnerability does not allow for privilege escalation from the guest operating system to the host. Host memory can not be manipulated from the guest operating system by exploiting this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-6933 to this issue. Workarounds Removing the 'Shared Folders' (HGFS) feature from previously installed VMware Tools will remove the possibility of exploitation." ); script_set_attribute( attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2016/000316.html" ); script_set_attribute(attribute:"solution", value:"Apply the missing patch."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"VMware ESX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version"); script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs"); exit(0); } include("audit.inc"); include("vmware_esx_packages.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi"); if ( !get_kb_item("Host/VMware/esxcli_software_vibs") && !get_kb_item("Host/VMware/esxupdate") ) audit(AUDIT_PACKAGE_LIST_MISSING); init_esx_check(date:"2016-01-07"); flag = 0; if (esx_check(ver:"ESXi 5.0", vib:"VMware:tools-light:5.0.0-3.70.3088986")) flag++; if (esx_check(ver:"ESXi 5.1", vib:"VMware:tools-light:5.1.0-3.57.3021178")) flag++; if (esx_check(ver:"ESXi 5.5", vib:"VMware:tools-light:5.5.0-3.75.3247226")) flag++; if (esx_check(ver:"ESXi 6.0", vib:"VMware:tools-light:6.0.0-1.23.3341439")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Windows NASL id VMWARE_WORKSTATION_PRIV_ESC_VMSA_2016_0001.NASL description The version of VMware Workstation installed on the remote host is 11.x prior to 11.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 87928 published 2016-01-14 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87928 title VMware Workstation 11.x < 11.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87928); script_version("1.7"); script_cvs_date("Date: 2019/11/22"); script_cve_id("CVE-2015-6933"); script_xref(name:"VMSA", value:"2016-0001"); script_name(english:"VMware Workstation 11.x < 11.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001)"); script_summary(english:"Checks the VMware Workstation version."); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote host is affected by a guest privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "The version of VMware Workstation installed on the remote host is 11.x prior to 11.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges."); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Workstation 11.1.2 or later. Note that VMware Tools in any Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate the vulnerability."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_workstation_detect.nasl"); script_require_keys("SMB/Registry/Enumerated", "VMware/Workstation/Version", "VMware/Workstation/Path"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/Registry/Enumerated"); appname = 'VMware Workstation'; version = get_kb_item("VMware/Workstation/Version"); if (isnull(version)) audit(AUDIT_NOT_INST, appname); path = get_kb_item_or_exit("VMware/Workstation/Path"); fix = ''; if (version =~ "^11\.") fix = "11.1.2"; if (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) == -1) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity >0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);NASL family Misc. NASL id VMWARE_ESXI_6_0_BUILD_3380124_REMOTE.NASL description The remote VMware ESXi 6.0 host is prior to build 3380124. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 87943 published 2016-01-15 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87943 title ESXi 6.0 < Build 3380124 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87943); script_version("1.12"); script_cvs_date("Date: 2019/11/20"); script_cve_id("CVE-2015-6933"); script_xref(name:"VMSA", value:"2016-0001"); script_name(english:"ESXi 6.0 < Build 3380124 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)"); script_summary(english:"Checks the ESXi version and build number."); script_set_attribute(attribute:"synopsis", value: "The remote VMware ESXi 6.0 host is affected by a guest privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "The remote VMware ESXi 6.0 host is prior to build 3380124. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges."); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html"); # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2135123 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?157d5a39"); # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2135114 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f612999e"); script_set_attribute(attribute:"solution", value: "Apply patch ESXi600-201601102-SG according to the vendor advisory. Note that VMware Tools in any Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate the vulnerability."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/15"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:6.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_vsphere_detect.nbin"); script_require_keys("Host/VMware/version", "Host/VMware/release"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit("Host/VMware/version"); rel = get_kb_item_or_exit("Host/VMware/release"); if ("ESXi" >!< rel) audit(AUDIT_OS_NOT, "ESXi"); if ("VMware ESXi 6.0" >!< rel) audit(AUDIT_OS_NOT, "ESXi 6.0"); match = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel); if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", "6.0"); build = int(match[1]); fixed_build = 3380124; security_only_build = 3341439; if (build < fixed_build && build != security_only_build) { if (report_verbosity > 0) { report = '\n ESXi version : ' + ver + '\n Installed build : ' + build + '\n Fixed build : ' + fixed_build + '\n'; security_warning(port:0, extra:report); } else security_warning(0); } else audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver - "ESXi " + " build " + build);NASL family Misc. NASL id VMWARE_ESXI_5_1_BUILD_3070626_REMOTE.NASL description The remote VMware ESXi 5.1 host is prior to build 3070626. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 87941 published 2016-01-15 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87941 title ESXi 5.1 < Build 3070626 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87941); script_version("1.12"); script_cvs_date("Date: 2019/11/20"); script_cve_id("CVE-2015-6933"); script_xref(name:"VMSA", value:"2016-0001"); script_name(english:"ESXi 5.1 < Build 3070626 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)"); script_summary(english:"Checks the ESXi version and build number."); script_set_attribute(attribute:"synopsis", value: "The remote VMware ESXi 5.1 host is affected by a guest privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "The remote VMware ESXi 5.1 host is prior to build 3070626. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges."); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html"); # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2126488 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c276b94f"); # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2114860 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4cf0502f"); script_set_attribute(attribute:"solution", value: "Apply patch ESXi510-201510102-SG according to the vendor advisory. Note that VMware Tools in any Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate the vulnerability."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/15"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_vsphere_detect.nbin"); script_require_keys("Host/VMware/version", "Host/VMware/release"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit("Host/VMware/version"); rel = get_kb_item_or_exit("Host/VMware/release"); if ("ESXi" >!< rel) audit(AUDIT_OS_NOT, "ESXi"); if ("VMware ESXi 5.1" >!< rel) audit(AUDIT_OS_NOT, "ESXi 5.1"); match = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel); if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", "5.1"); build = int(match[1]); fixed_build = 3070626; security_only_build = 3021178; if (build < fixed_build && build != security_only_build) { if (report_verbosity > 0) { report = '\n ESXi version : ' + ver + '\n Installed build : ' + build + '\n Fixed build : ' + fixed_build + '\n'; security_warning(port:0, extra:report); } else security_warning(0); } else audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver - "ESXi " + " build " + build);NASL family MacOS X Local Security Checks NASL id MACOSX_FUSION_VMSA_2016_0001.NASL description The version of VMware Fusion installed on the remote Mac OS X host is 7.x prior to 7.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 87924 published 2016-01-14 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87924 title VMware Fusion 7.x < 7.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87924); script_version("1.7"); script_cvs_date("Date: 2019/11/22"); script_cve_id("CVE-2015-6933"); script_xref(name:"VMSA", value:"2016-0001"); script_name(english:"VMware Fusion 7.x < 7.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001)"); script_summary(english:"Checks Fusion version."); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote Mac OS X host is affected by a guest privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "The version of VMware Fusion installed on the remote Mac OS X host is 7.x prior to 7.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges."); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Fusion 7.1.2 or later. Note that VMware Tools in any Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate the vulnerability."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_fusion_detect.nasl"); script_require_keys("Host/local_checks_enabled", "MacOSX/Fusion/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); get_kb_item_or_exit("Host/local_checks_enabled"); os = get_kb_item("Host/MacOSX/Version"); if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); version = get_kb_item_or_exit("MacOSX/Fusion/Version"); path = get_kb_item_or_exit("MacOSX/Fusion/Path"); fixed_version = '7.1.2'; if ( version =~ "^7\." && ver_compare(ver:version, fix:"7.1.2", strict:FALSE) == -1 ) { if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_warning(port:0, extra:report); } else security_warning(0); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Fusion", version, path);NASL family General NASL id VMWARE_PLAYER_LINUX_VMSA_2016_0001.NASL description The version of VMware Player installed on the remote host is version 7.x prior to 7.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 87925 published 2016-01-14 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87925 title VMware Player 7.x < 7.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (Linux) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87925); script_version("1.7"); script_cvs_date("Date: 2019/11/22"); script_cve_id("CVE-2015-6933"); script_xref(name:"VMSA", value:"2016-0001"); script_name(english:"VMware Player 7.x < 7.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (Linux)"); script_summary(english:"Checks the VMware Player version."); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote host is affected by a guest privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "The version of VMware Player installed on the remote host is version 7.x prior to 7.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges."); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Player 7.1.2 or later. Note that VMware Tools in any Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate the vulnerability."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:player"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"General"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_player_linux_installed.nbin"); script_require_keys("Host/VMware Player/Version"); script_exclude_keys("SMB/Registry/Enumerated"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (get_kb_item("SMB/Registry/Enumerated")) audit(AUDIT_OS_NOT, "Linux", "Windows"); version = get_kb_item_or_exit("Host/VMware Player/Version"); fixed = '7.1.2'; # 7.x < 7.1.2 if ( ver_compare(ver:version, fix:'7.0.0', strict:FALSE) >= 0 && ver_compare(ver:version, fix:fixed, strict:FALSE) == -1 ) { if (report_verbosity > 0) { report += '\n Installed version : ' + version + '\n Fixed version : ' + fixed + '\n'; security_warning(port:0, extra:report); } else security_warning(0); } else audit(AUDIT_INST_VER_NOT_VULN, "VMware Player", version);NASL family Misc. NASL id VMWARE_ESXI_5_0_BUILD_3086167_REMOTE.NASL description The remote VMware ESXi 5.0 host is prior to build 3086167. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 87940 published 2016-01-15 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87940 title ESXi 5.0 < Build 3086167 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(87940); script_version("1.12"); script_cvs_date("Date: 2019/11/20"); script_cve_id("CVE-2015-6933"); script_xref(name:"VMSA", value:"2016-0001"); script_name(english:"ESXi 5.0 < Build 3086167 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)"); script_summary(english:"Checks the ESXi version and build number."); script_set_attribute(attribute:"synopsis", value: "The remote VMware ESXi 5.0 host is affected by a guest privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "The remote VMware ESXi 5.0 host is prior to build 3086167. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges."); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html"); # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2120210 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a70e58b8"); # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2113684 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?98b39737"); script_set_attribute(attribute:"solution", value: "Apply patch ESXi500-201510102-SG according to the vendor advisory. Note that VMware Tools in any Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate the vulnerability."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/15"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_vsphere_detect.nbin"); script_require_keys("Host/VMware/version", "Host/VMware/release"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit("Host/VMware/version"); rel = get_kb_item_or_exit("Host/VMware/release"); if ("ESXi" >!< rel) audit(AUDIT_OS_NOT, "ESXi"); if ("VMware ESXi 5.0" >!< rel) audit(AUDIT_OS_NOT, "ESXi 5.0"); match = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel); if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", "5.0"); build = int(match[1]); fixed_build = 3086167; security_only_build = 3021432; if (build < fixed_build && build != security_only_build) { if (report_verbosity > 0) { report = '\n ESXi version : ' + ver + '\n Installed build : ' + build + '\n Fixed build : ' + fixed_build + '\n'; security_warning(port:0, extra:report); } else security_warning(0); } else audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver - "ESXi " + " build " + build);