Vulnerabilities > CVE-2015-6933 - Improper Access Control vulnerability in VMware products

047910
CVSS 6.5 - MEDIUM (CVSS v2 base score; the metric values listed below use CVSS v2 terms)
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
vmware
CWE-284
nessus

Summary

The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Embedding Scripts within Scripts
    An attack of this type exploits a program's vulnerabilities that arise from allowing remote hosts to execute scripts. The attacker leverages this capability to run his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into a script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side; client-side scripts such as Ajax and client-side JavaScript can contain malicious scripts as well. In general, all that is required is sufficient privileges to execute a script that is not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL family: Misc.
    NASL id: VMWARE_ESXI_5_5_BUILD_3248547_REMOTE.NASL
    description: The remote VMware ESXi 5.5 host is prior to build 3248547. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87942
    published: 2016-01-15
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87942
    title: ESXi 5.5 < Build 3248547 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    include("compat.inc");
    
    # Plugin metadata. This branch only registers identifiers, advisory text,
    # scoring and prerequisites, then exits; no host data is examined here.
    if (description)
    {
      script_id(87942);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/22");
    
      # Cross-references: the CVE entry and the vendor advisory (VMSA) number.
      script_cve_id("CVE-2015-6933");
      script_xref(name:"VMSA", value:"2016-0001");
    
      script_name(english:"ESXi 5.5 < Build 3248547 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)");
      script_summary(english:"Checks the ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESXi 5.5 host is affected by a guest privilege
    escalation vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESXi 5.5 host is prior to build 3248547. It is,
    therefore, affected by a guest privilege escalation vulnerability in
    the Shared Folders (HGFS) feature due to improper validation of
    user-supplied input. A local attacker can exploit this to corrupt
    memory, resulting in an elevation of privileges.");
      script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html");
      # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2135796
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2d367021");
      # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2135410
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5310f417");
      # The solution text names two steps: patch the hypervisor and update
      # VMware Tools in Windows guests that use Shared Folders.
      script_set_attribute(attribute:"solution", value:
    "Apply patch ESXi550-201512102-SG according to the vendor advisory.
    
    Note that VMware Tools in any Windows-based guests that use the Shared
    Folders (HGFS) feature must also be updated to completely mitigate the
    vulnerability.");
      # NOTE(review): the base vectors rate the flaw as network-reachable (AV:N),
      # while the description above speaks of a local attacker. cvss_score_source
      # shows the score is taken from the CVE entry, so weigh both when
      # prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/15");
    
      # Declared as a remote plugin scoped to the ESXi 5.5 CPE.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.5");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Prerequisites: the vSphere detection plugin and the two KB entries the
      # check body reads.
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Version-only check: reads the ESXi version and release strings from the KB
    # and compares the build number with the patched builds. The HGFS feature is
    # never exercised, and the VMware Tools level inside guests is not examined.
    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");
    
    # Only ESXi 5.5 is in scope for this plugin; anything else is audited out.
    if ("ESXi" >!< rel) audit(AUDIT_OS_NOT, "ESXi");
    if ("VMware ESXi 5.5" >!< rel) audit(AUDIT_OS_NOT, "ESXi 5.5");
    
    # The release string must end in "build-<digits>" for the build to be known.
    match = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);
    if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", "5.5");
    
    build = int(match[1]);
    fixed_build = 3248547;
    security_only_build = 3247226;
    
    # Not affected: at or above the fixed build, or exactly the security-only
    # build. Every other lower build number is reported below.
    if (build >= fixed_build || build == security_only_build)
      audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver - "ESXi " + " build " + build);
    
    if (report_verbosity > 0)
    {
      report = '\n  ESXi version    : ' + ver +
               '\n  Installed build : ' + build +
               '\n  Fixed build     : ' + fixed_build +
               '\n';
      security_warning(port:0, extra:report);
    }
    else security_warning(0);
    
  • NASL family: General
    NASL id: VMWARE_WORKSTATION_LINUX_VMSA_2016_0001.NASL
    description: The version of VMware Workstation installed on the remote host is 11.x prior to 11.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87927
    published: 2016-01-14
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87927
    title: VMware Workstation 11.x < 11.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (Linux)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Plugin metadata. This branch only registers identifiers, advisory text,
    # scoring and prerequisites, then exits; no host data is examined here.
    if (description)
    {
      script_id(87927);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/22");
    
      # Cross-references: the CVE entry and the vendor advisory (VMSA) number.
      script_cve_id("CVE-2015-6933");
      script_xref(name:"VMSA", value:"2016-0001");
    
      script_name(english:"VMware Workstation 11.x < 11.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (Linux)");
      script_summary(english:"Checks VMware Workstation version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "A virtualization application installed on the remote host is affected
    by a guest privilege escalation vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of VMware Workstation installed on the remote host is 11.x
    prior to 11.1.2. It is, therefore, affected by a guest privilege
    escalation vulnerability in the Shared Folders (HGFS) feature due to
    improper validation of user-supplied input. A local attacker can
    exploit this to corrupt memory, resulting in an elevation of
    privileges.");
      script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html");
      # The solution text names two steps: upgrade the product and update
      # VMware Tools in Windows guests that use Shared Folders.
      script_set_attribute(attribute:"solution", value:
    "Upgrade to VMware Workstation 11.1.2 or later.
    
    Note that VMware Tools in any Windows-based guests that use the Shared
    Folders (HGFS) feature must also be updated to completely mitigate the
    vulnerability.");
      # NOTE(review): the base vectors rate the flaw as network-reachable (AV:N),
      # while the description above speaks of a local attacker. cvss_score_source
      # shows the score is taken from the CVE entry, so weigh both when
      # prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/14");
    
      # Declared as a local plugin for the Workstation application CPE.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_family(english:"General");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Prerequisites: the Linux Workstation detection plugin and its version KB
      # entry. The Windows registry key is excluded, matching the Linux-only
      # guard at the start of the check body.
      script_dependencies("vmware_workstation_linux_installed.nbin");
      script_require_keys("Host/VMware Workstation/Version");
      script_exclude_keys("SMB/Registry/Enumerated");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
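    # Linux-only plugin: a KB entry showing that the Windows registry was
    # enumerated means the target is Windows, so audit out.
    if (get_kb_item("SMB/Registry/Enumerated")) audit(AUDIT_OS_NOT, "Linux", "Windows");
    
    # Version-only check: compares the Workstation version stored in the KB with
    # the fixed release. The VMware Tools level inside guests is not examined.
    version = get_kb_item_or_exit("Host/VMware Workstation/Version");
    fixed = '11.1.2';
    
    # 11.x < 11.1.2
    if (
      ver_compare(ver:version, fix:'11.0.0', strict:FALSE) >= 0 &&
      ver_compare(ver:version, fix:fixed, strict:FALSE) == -1
    )
    {
      if (report_verbosity > 0)
      {
        # Assign rather than append: `report` has no earlier value in this
        # script, so `+=` would read an unset variable.
        report =
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed +
          '\n';
        security_warning(port:0, extra:report);
      }
      else security_warning(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "VMware Workstation", version);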
    
  • NASL family: Windows
    NASL id: VMWARE_PLAYER_PRIV_ESC_VMSA_2016_0001.NASL
    description: The version of VMware Player installed on the remote host is 7.x prior to 7.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87926
    published: 2016-01-14
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87926
    title: VMware Player 7.x < 7.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Plugin metadata. This branch only registers identifiers, advisory text,
    # scoring and prerequisites, then exits; no host data is examined here.
    if (description)
    {
      script_id(87926);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/22");
    
      # Cross-references: the CVE entry and the vendor advisory (VMSA) number.
      script_cve_id("CVE-2015-6933");
      script_xref(name:"VMSA", value:"2016-0001");
    
      script_name(english:"VMware Player 7.x < 7.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001)");
      script_summary(english:"Checks the VMware Player version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "A virtualization application installed on the remote host is affected
    by a guest privilege escalation vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of VMware Player installed on the remote host is 7.x prior
    to 7.1.2. It is, therefore, affected by a guest privilege escalation
    vulnerability in the Shared Folders (HGFS) feature due to improper
    validation of user-supplied input. A local attacker can exploit this
    to corrupt memory, resulting in an elevation of privileges.");
      script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html");
      # The solution text names two steps: upgrade the product and update
      # VMware Tools in Windows guests that use Shared Folders.
      script_set_attribute(attribute:"solution", value:
    "Upgrade to VMware Player 7.1.2 or later.
    
    Note that VMware Tools in any Windows-based guests that use the Shared
    Folders (HGFS) feature must also be updated to completely mitigate the
    vulnerability.");
      # NOTE(review): the base vectors rate the flaw as network-reachable (AV:N),
      # while the description above speaks of a local attacker. cvss_score_source
      # shows the score is taken from the CVE entry, so weigh both when
      # prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/14");
    
      # Declared as a local plugin for the Player application CPE.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:player");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Prerequisites: the Player detection plugin plus the registry, path and
      # version KB entries that the check body reads.
      script_dependencies("vmware_player_detect.nasl");
      script_require_keys("SMB/Registry/Enumerated", "VMware/Player/Path", "VMware/Player/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
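    # Windows-only plugin: stop unless the registry was enumerated.
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    
    # Version-only check: compares the Player version stored in the KB with the
    # fixed release. The VMware Tools level inside guests is not examined.
    version = get_kb_item_or_exit("VMware/Player/Version");
    path = get_kb_item_or_exit("VMware/Player/Path");
    fix = '';
    
    # Only the 7.x branch has a fixed version defined here. Any other branch
    # leaves `fix` empty and is audited as not vulnerable by this plugin.
    if (version =~ "^7\.")
      fix = '7.1.2';
    
    if (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) == -1)
    {
      # Report on the SMB transport port when the KB has one, else on 445.
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        # Assign rather than append: `report` has no earlier value in this
        # script, so `+=` would read an unset variable.
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fix +
          '\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Player", version, path);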
    
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2016-0001.NASL
    description: Important Windows-based guest privilege escalation in VMware Tools A kernel memory corruption vulnerability is present in the VMware Tools
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87889
    published: 2016-01-13
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87889
    title: VMSA-2016-0001 : VMware ESXi, Workstation, Player, and Fusion updates address important guest privilege escalation vulnerability
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2016-0001. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    # Plugin metadata. This branch only registers identifiers, advisory text,
    # scoring and prerequisites, then exits; no host data is examined here.
    if (description)
    {
      script_id(87889);
      script_version("1.16");
      script_cvs_date("Date: 2019/09/26 15:14:18");
    
      # Cross-references: the CVE entry and the vendor advisory (VMSA) number.
      script_cve_id("CVE-2015-6933");
      script_xref(name:"VMSA", value:"2016-0001");
    
      script_name(english:"VMSA-2016-0001 : VMware ESXi, Workstation, Player, and Fusion updates address important guest privilege escalation vulnerability");
      script_summary(english:"Checks esxupdate output for the patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote VMware ESXi host is missing a security-related patch."
      );
      # Advisory text taken from the vendor. It scopes the impact to the Windows
      # guest OS (no guest-to-host escalation) and gives removal of the Shared
      # Folders feature from VMware Tools as the workaround.
      script_set_attribute(
        attribute:"description", 
        value:
    "Important Windows-based guest privilege escalation in VMware Tools
    
    A kernel memory corruption vulnerability is present in the VMware Tools
    'Shared Folders' (HGFS) feature running on Microsoft Windows. Successful
    exploitation of this issue could lead to an escalation of privilege in
    the guest operating system.
    
    VMware would like to thank Dmitry Janushkevich from the Secunia
    Research Team for reporting this issue to us.
    
    Note: This vulnerability does not allow for privilege escalation from
    the guest operating system to the host. Host memory can not be
    manipulated from the guest operating system by exploiting this flaw.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the identifier CVE-2015-6933 to this issue.
    
    Workarounds
    Removing the 'Shared Folders' (HGFS) feature from previously installed
    VMware Tools will remove the possibility of exploitation."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2016/000316.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patch.");
      # NOTE(review): the base vectors rate the flaw as network-reachable (AV:N),
      # while the advisory text above describes an escalation inside the guest
      # OS; weigh both when prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Declared as a local plugin covering the four ESXi release lines that the
      # check body tests.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/13");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"VMware ESX Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl and the local-check KB entries.
      # NOTE(review): script_require_ports is given the two package-list KB
      # names; presumably this expresses "either one is enough", matching the
      # either/or test in the check body. Confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    # Local check: requires local checks to be enabled, an ESX/ESXi release
    # string, and at least one of the two collected package lists.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (!(
      get_kb_item("Host/VMware/esxcli_software_vibs") ||
      get_kb_item("Host/VMware/esxupdate")
    )) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2016-01-07");
    flag = 0;
    
    
    # One tools-light VIB level per ESXi release line; presumably esx_check()
    # compares it with the installed package list (helper not shown here).
    # Each call is made on its own so that every release line is evaluated.
    if (esx_check(ver:"ESXi 5.0", vib:"VMware:tools-light:5.0.0-3.70.3088986")) flag++;
    
    if (esx_check(ver:"ESXi 5.1", vib:"VMware:tools-light:5.1.0-3.57.3021178")) flag++;
    
    if (esx_check(ver:"ESXi 5.5", vib:"VMware:tools-light:5.5.0-3.75.3247226")) flag++;
    
    if (esx_check(ver:"ESXi 6.0", vib:"VMware:tools-light:6.0.0-1.23.3341439")) flag++;
    
    
    # No check flagged a missing package: the host is audited as not affected.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    
    if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());
    else security_warning(0);
    exit(0);
    
  • NASL family: Windows
    NASL id: VMWARE_WORKSTATION_PRIV_ESC_VMSA_2016_0001.NASL
    description: The version of VMware Workstation installed on the remote host is 11.x prior to 11.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87928
    published: 2016-01-14
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87928
    title: VMware Workstation 11.x < 11.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Plugin metadata. This branch only registers identifiers, advisory text,
    # scoring and prerequisites, then exits; no host data is examined here.
    if (description)
    {
      script_id(87928);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/22");
    
      # Cross-references: the CVE entry and the vendor advisory (VMSA) number.
      script_cve_id("CVE-2015-6933");
      script_xref(name:"VMSA", value:"2016-0001");
    
      script_name(english:"VMware Workstation 11.x < 11.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001)");
      script_summary(english:"Checks the VMware Workstation version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "A virtualization application installed on the remote host is affected
    by a guest privilege escalation vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of VMware Workstation installed on the remote host is 11.x
    prior to 11.1.2. It is, therefore, affected by a guest privilege
    escalation vulnerability in the Shared Folders (HGFS) feature due to
    improper validation of user-supplied input. A local attacker can
    exploit this to corrupt memory, resulting in an elevation of
    privileges.");
      script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html");
      # The solution text names two steps: upgrade the product and update
      # VMware Tools in Windows guests that use Shared Folders.
      script_set_attribute(attribute:"solution", value:
    "Upgrade to VMware Workstation 11.1.2 or later.
    
    Note that VMware Tools in any Windows-based guests that use the Shared
    Folders (HGFS) feature must also be updated to completely mitigate the
    vulnerability.");
      # NOTE(review): the base vectors rate the flaw as network-reachable (AV:N),
      # while the description above speaks of a local attacker. cvss_score_source
      # shows the score is taken from the CVE entry, so weigh both when
      # prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/14");
    
      # Declared as a local plugin for the Workstation application CPE.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Prerequisites: the Workstation detection plugin plus the registry,
      # version and path KB entries that the check body reads.
      script_dependencies("vmware_workstation_detect.nasl");
      script_require_keys("SMB/Registry/Enumerated", "VMware/Workstation/Version", "VMware/Workstation/Path");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Windows-only plugin: stop unless the registry was enumerated.
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    
    appname = 'VMware Workstation';
    
    # Version-only check: compares the Workstation version stored in the KB with
    # the fixed release. The VMware Tools level inside guests is not examined.
    version = get_kb_item("VMware/Workstation/Version");
    if (isnull(version)) audit(AUDIT_NOT_INST, appname);
    
    path = get_kb_item_or_exit("VMware/Workstation/Path");
    
    # Only the 11.x branch has a fixed version defined here. Any other branch
    # leaves `fix` empty and is audited as not vulnerable by this plugin.
    fix = '';
    if (version =~ "^11\.") fix  = "11.1.2";
    
    # Not affected: no fix defined for this branch, or the installed version is
    # not lower than the fix.
    if (empty(fix) || ver_compare(ver:version, fix:fix, strict:FALSE) != -1)
      audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);
    
    # Report on the SMB transport port when the KB has one, else on 445.
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    if (report_verbosity >0)
    {
      report =
        '\n  Path              : ' + path +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fix + '\n';
      security_warning(port:port, extra:report);
    }
    else security_warning(port);
    exit(0);
    
  • NASL family: Misc.
    NASL id: VMWARE_ESXI_6_0_BUILD_3380124_REMOTE.NASL
    description: The remote VMware ESXi 6.0 host is prior to build 3380124. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87943
    published: 2016-01-15
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87943
    title: ESXi 6.0 < Build 3380124 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    include("compat.inc");
    
    # Plugin metadata. This branch only registers identifiers, advisory text,
    # scoring and prerequisites, then exits; no host data is examined here.
    if (description)
    {
      script_id(87943);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/20");
    
      # Cross-references: the CVE entry and the vendor advisory (VMSA) number.
      script_cve_id("CVE-2015-6933");
      script_xref(name:"VMSA", value:"2016-0001");
    
      script_name(english:"ESXi 6.0 < Build 3380124 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)");
      script_summary(english:"Checks the ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESXi 6.0 host is affected by a guest privilege
    escalation vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESXi 6.0 host is prior to build 3380124. It is,
    therefore, affected by a guest privilege escalation vulnerability in
    the Shared Folders (HGFS) feature due to improper validation of
    user-supplied input. A local attacker can exploit this to corrupt
    memory, resulting in an elevation of privileges.");
      script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html");
      # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2135123
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?157d5a39");
      # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2135114
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f612999e");
      # The solution text names two steps: patch the hypervisor and update
      # VMware Tools in Windows guests that use Shared Folders.
      script_set_attribute(attribute:"solution", value:
    "Apply patch ESXi600-201601102-SG according to the vendor advisory.
    
    Note that VMware Tools in any Windows-based guests that use the Shared
    Folders (HGFS) feature must also be updated to completely mitigate the
    vulnerability.");
      # NOTE(review): the base vectors rate the flaw as network-reachable (AV:N),
      # while the description above speaks of a local attacker. cvss_score_source
      # shows the score is taken from the CVE entry, so weigh both when
      # prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/15");
    
      # Declared as a remote plugin scoped to the ESXi 6.0 CPE.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:6.0");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Prerequisites: the vSphere detection plugin and the two KB entries the
      # check body reads.
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Version-only check: reads the ESXi version and release strings from the KB
    # and compares the build number with the patched builds. The HGFS feature is
    # never exercised, and the VMware Tools level inside guests is not examined.
    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");
    
    # Only ESXi 6.0 is in scope for this plugin; anything else is audited out.
    if ("ESXi" >!< rel) audit(AUDIT_OS_NOT, "ESXi");
    if ("VMware ESXi 6.0" >!< rel) audit(AUDIT_OS_NOT, "ESXi 6.0");
    
    # The release string must end in "build-<digits>" for the build to be known.
    match = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);
    if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", "6.0");
    
    build = int(match[1]);
    fixed_build = 3380124;
    security_only_build = 3341439;
    
    # Not affected: at or above the fixed build, or exactly the security-only
    # build. Every other lower build number is reported below.
    if (build >= fixed_build || build == security_only_build)
      audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver - "ESXi " + " build " + build);
    
    if (report_verbosity > 0)
    {
      report = '\n  ESXi version    : ' + ver +
               '\n  Installed build : ' + build +
               '\n  Fixed build     : ' + fixed_build +
               '\n';
      security_warning(port:0, extra:report);
    }
    else security_warning(0);
    
  • NASL family: Misc.
    NASL id: VMWARE_ESXI_5_1_BUILD_3070626_REMOTE.NASL
    description: The remote VMware ESXi 5.1 host is prior to build 3070626. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87941
    published: 2016-01-15
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87941
    title: ESXi 5.1 < Build 3070626 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    include("compat.inc");
    
    # Registration phase: when `description` is set the script only declares
    # its metadata and leaves through the exit(0) at the end of this block,
    # before any of the check code below it runs.
    if (description)
    {
      script_id(87941);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/20");
    
      # Advisory identifiers this check maps to.
      script_cve_id("CVE-2015-6933");
      script_xref(name:"VMSA", value:"2016-0001");
    
      script_name(english:"ESXi 5.1 < Build 3070626 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)");
      script_summary(english:"Checks the ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESXi 5.1 host is affected by a guest privilege
    escalation vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESXi 5.1 host is prior to build 3070626. It is,
    therefore, affected by a guest privilege escalation vulnerability in
    the Shared Folders (HGFS) feature due to improper validation of
    user-supplied input. A local attacker can exploit this to corrupt
    memory, resulting in an elevation of privileges.");
      script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html");
      # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2126488
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c276b94f");
      # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2114860
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4cf0502f");
      # Remediation has two layers: the host patch and VMware Tools inside
      # Windows guests that use Shared Folders. The check in this script only
      # evaluates the host build, so a clean result says nothing about guests.
      script_set_attribute(attribute:"solution", value:
    "Apply patch ESXi510-201510102-SG according to the vendor advisory.
    
    Note that VMware Tools in any Windows-based guests that use the Shared
    Folders (HGFS) feature must also be updated to completely mitigate the
    vulnerability.");
      # The vectors are attributed to the CVE entry (cvss_score_source below)
      # and rate the attack vector as network (AV:N), while the description
      # above speaks of a local attacker.
      # NOTE(review): confirm which framing applies when prioritising remediation.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933");
    
      # Exploit status as declared by the plugin; presumably current only as of
      # the script_cvs_date above, so re-check before relying on it.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/15");
    
      # Declared as a remote check scoped to the ESXi 5.1 CPE.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The check body reads both required KB keys; they are presumably
      # populated by the detection plugin listed as a dependency.
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Build-number check for ESXi 5.1. The verdict is derived only from the
    # version/release strings in the scanner KB; it does not examine guests,
    # whose VMware Tools the plugin's solution text says must be updated as well.
    esxi_version = get_kb_item_or_exit("Host/VMware/version");
    esxi_release = get_kb_item_or_exit("Host/VMware/release");

    # Scope guard: anything that is not ESXi 5.1 is audited out.
    if ("ESXi" >!< esxi_release)
      audit(AUDIT_OS_NOT, "ESXi");
    if ("VMware ESXi 5.1" >!< esxi_release)
      audit(AUDIT_OS_NOT, "ESXi 5.1");

    # The build number is the trailing "build-<digits>" token of the release string.
    build_match = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:esxi_release);
    if (isnull(build_match))
      audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", "5.1");

    fixed_build = 3070626;
    # Presumably the build of the security-only patch line; the code treats this
    # one exact build as not vulnerable even though it is below fixed_build.
    security_only_build = 3021178;
    installed_build = int(build_match[1]);

    if (installed_build >= fixed_build || installed_build == security_only_build)
    {
      audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", esxi_version - "ESXi " + " build " + installed_build);
    }
    else
    {
      if (report_verbosity > 0)
      {
        details = '\n  ESXi version    : ' + esxi_version +
                  '\n  Installed build : ' + installed_build +
                  '\n  Fixed build     : ' + fixed_build +
                  '\n';
        security_warning(port:0, extra:details);
      }
      else security_warning(0);
    }
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FUSION_VMSA_2016_0001.NASL
    description: The version of VMware Fusion installed on the remote Mac OS X host is 7.x prior to 7.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87924
    published: 2016-01-14
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87924
    title: VMware Fusion 7.x < 7.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set the script only declares
    # its metadata and leaves through the exit(0) at the end of this block,
    # before any of the check code below it runs.
    if (description)
    {
      script_id(87924);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/22");
    
      # Advisory identifiers this check maps to.
      script_cve_id("CVE-2015-6933");
      script_xref(name:"VMSA", value:"2016-0001");
    
      script_name(english:"VMware Fusion 7.x < 7.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001)");
      script_summary(english:"Checks Fusion version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "A virtualization application installed on the remote Mac OS X host is
    affected by a guest privilege escalation vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of VMware Fusion installed on the remote Mac OS X host is
    7.x prior to 7.1.2. It is, therefore, affected by a guest privilege
    escalation vulnerability in the Shared Folders (HGFS) feature due to
    improper validation of user-supplied input. A local attacker can
    exploit this to corrupt memory, resulting in an elevation of
    privileges.");
      script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html");
      # Remediation has two layers: the Fusion upgrade and VMware Tools inside
      # Windows guests that use Shared Folders. The check in this script only
      # compares the installed Fusion version, so a clean result says nothing
      # about guests.
      script_set_attribute(attribute:"solution", value:
    "Upgrade to VMware Fusion 7.1.2 or later.
    
    Note that VMware Tools in any Windows-based guests that use the Shared
    Folders (HGFS) feature must also be updated to completely mitigate the
    vulnerability.");
      # The vectors are attributed to the CVE entry (cvss_score_source below)
      # and rate the attack vector as network (AV:N), while the description
      # above speaks of a local attacker.
      # NOTE(review): confirm which framing applies when prioritising remediation.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933");
    
      # Exploit status as declared by the plugin; presumably current only as of
      # the script_cvs_date above, so re-check before relying on it.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/14");
    
      # Declared as a local check against the Fusion application CPE.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The check body reads both required KB keys (and MacOSX/Fusion/Path);
      # the Fusion entries are presumably populated by the detection plugin
      # listed as a dependency.
      script_dependencies("macosx_fusion_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "MacOSX/Fusion/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
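    # Version check for VMware Fusion 7.x on Mac OS X. The verdict is derived
    # only from the installed-version string in the scanner KB; it does not
    # examine guests, whose VMware Tools the plugin's solution text says must
    # be updated as well.
    get_kb_item_or_exit("Host/local_checks_enabled");
    
    # Audit out hosts for which no Mac OS X version was recorded.
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    version = get_kb_item_or_exit("MacOSX/Fusion/Version");
    path = get_kb_item_or_exit("MacOSX/Fusion/Path");
    
    # Single source for the fixed release: the comparison and the report both
    # use this value, so they cannot drift apart if it is ever changed.
    fixed_version = '7.1.2';
    
    # Affected range: the 7.x branch only, strictly below the fixed release.
    if (
      version =~ "^7\." && ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1
    )
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version +
          '\n';
        security_warning(port:0, extra:report);
      }
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Fusion", version, path);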
    
  • NASL family: General
    NASL id: VMWARE_PLAYER_LINUX_VMSA_2016_0001.NASL
    description: The version of VMware Player installed on the remote host is version 7.x prior to 7.1.2. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87925
    published: 2016-01-14
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87925
    title: VMware Player 7.x < 7.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (Linux)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set the script only declares
    # its metadata and leaves through the exit(0) at the end of this block,
    # before any of the check code below it runs.
    if (description)
    {
      script_id(87925);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/22");
    
      # Advisory identifiers this check maps to.
      script_cve_id("CVE-2015-6933");
      script_xref(name:"VMSA", value:"2016-0001");
    
      script_name(english:"VMware Player 7.x < 7.1.2 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (Linux)");
      script_summary(english:"Checks the VMware Player version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "A virtualization application installed on the remote host is affected
    by a guest privilege escalation vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of VMware Player installed on the remote host is version
    7.x prior to 7.1.2. It is, therefore, affected by a guest privilege escalation
    vulnerability in the Shared Folders (HGFS) feature due to improper
    validation of user-supplied input. A local attacker can exploit this
    to corrupt memory, resulting in an elevation of privileges.");
      script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html");
      # Remediation has two layers: the Player upgrade and VMware Tools inside
      # Windows guests that use Shared Folders. The check in this script only
      # compares the installed Player version, so a clean result says nothing
      # about guests.
      script_set_attribute(attribute:"solution", value:
    "Upgrade to VMware Player 7.1.2 or later.
    
    Note that VMware Tools in any Windows-based guests that use the Shared
    Folders (HGFS) feature must also be updated to completely mitigate the
    vulnerability.");
      # The vectors are attributed to the CVE entry (cvss_score_source below)
      # and rate the attack vector as network (AV:N), while the description
      # above speaks of a local attacker.
      # NOTE(review): confirm which framing applies when prioritising remediation.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933");
    
      # Exploit status as declared by the plugin; presumably current only as of
      # the script_cvs_date above, so re-check before relying on it.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/14");
    
      # Declared as a local check against the Player application CPE.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"General");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The check body reads the required version key, presumably populated by
      # the detection plugin listed as a dependency. The excluded key is the one
      # the check body treats as marking a Windows target.
      script_dependencies("vmware_player_linux_installed.nbin");
      script_require_keys("Host/VMware Player/Version");
      script_exclude_keys("SMB/Registry/Enumerated");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
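    # Version check for VMware Player 7.x on Linux. The verdict is derived only
    # from the installed-version string in the scanner KB; it does not examine
    # guests, whose VMware Tools the plugin's solution text says must be
    # updated as well.

    # A populated SMB registry key is treated as a Windows target and audited out.
    if (get_kb_item("SMB/Registry/Enumerated")) audit(AUDIT_OS_NOT, "Linux", "Windows");
    
    version = get_kb_item_or_exit("Host/VMware Player/Version");
    fixed = '7.1.2';
    
    # 7.x < 7.1.2
    if (
      ver_compare(ver:version, fix:'7.0.0', strict:FALSE) >= 0 &&
      ver_compare(ver:version, fix:fixed, strict:FALSE) == -1
    )
    {
      if (report_verbosity > 0)
      {
        # Plain assignment: the report is built here from scratch, so it should
        # not append to a variable that was never initialised in this script.
        report =
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed +
          '\n';
        security_warning(port:0, extra:report);
      }
      else security_warning(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "VMware Player", version);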
    
  • NASL family: Misc.
    NASL id: VMWARE_ESXI_5_0_BUILD_3086167_REMOTE.NASL
    description: The remote VMware ESXi 5.0 host is prior to build 3086167. It is, therefore, affected by a guest privilege escalation vulnerability in the Shared Folders (HGFS) feature due to improper validation of user-supplied input. A local attacker can exploit this to corrupt memory, resulting in an elevation of privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87940
    published: 2016-01-15
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/87940
    title: ESXi 5.0 < Build 3086167 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    include("compat.inc");
    
    # Registration phase: when `description` is set the script only declares
    # its metadata and leaves through the exit(0) at the end of this block,
    # before any of the check code below it runs.
    if (description)
    {
      script_id(87940);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/20");
    
      # Advisory identifiers this check maps to.
      script_cve_id("CVE-2015-6933");
      script_xref(name:"VMSA", value:"2016-0001");
    
      script_name(english:"ESXi 5.0 < Build 3086167 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)");
      script_summary(english:"Checks the ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESXi 5.0 host is affected by a guest privilege
    escalation vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESXi 5.0 host is prior to build 3086167. It is,
    therefore, affected by a guest privilege escalation vulnerability in
    the Shared Folders (HGFS) feature due to improper validation of
    user-supplied input. A local attacker can exploit this to corrupt
    memory, resulting in an elevation of privileges.");
      script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2016-0001.html");
      # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2120210
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a70e58b8");
      # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2113684
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?98b39737");
      # Remediation has two layers: the host patch and VMware Tools inside
      # Windows guests that use Shared Folders. The check in this script only
      # evaluates the host build, so a clean result says nothing about guests.
      script_set_attribute(attribute:"solution", value:
    "Apply patch ESXi500-201510102-SG according to the vendor advisory.
    
    Note that VMware Tools in any Windows-based guests that use the Shared
    Folders (HGFS) feature must also be updated to completely mitigate the
    vulnerability.");
      # The vectors are attributed to the CVE entry (cvss_score_source below)
      # and rate the attack vector as network (AV:N), while the description
      # above speaks of a local attacker.
      # NOTE(review): confirm which framing applies when prioritising remediation.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6933");
    
      # Exploit status as declared by the plugin; presumably current only as of
      # the script_cvs_date above, so re-check before relying on it.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/15");
    
      # Declared as a remote check scoped to the ESXi 5.0 CPE.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The check body reads both required KB keys; they are presumably
      # populated by the detection plugin listed as a dependency.
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Build-number check for ESXi 5.0. The verdict is derived only from the
    # version/release strings in the scanner KB; it does not examine guests,
    # whose VMware Tools the plugin's solution text says must be updated as well.
    esxi_version = get_kb_item_or_exit("Host/VMware/version");
    esxi_release = get_kb_item_or_exit("Host/VMware/release");

    # Scope guard: anything that is not ESXi 5.0 is audited out.
    if ("ESXi" >!< esxi_release)
      audit(AUDIT_OS_NOT, "ESXi");
    if ("VMware ESXi 5.0" >!< esxi_release)
      audit(AUDIT_OS_NOT, "ESXi 5.0");

    # The build number is the trailing "build-<digits>" token of the release string.
    build_match = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:esxi_release);
    if (isnull(build_match))
      audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", "5.0");

    fixed_build = 3086167;
    # Presumably the build of the security-only patch line; the code treats this
    # one exact build as not vulnerable even though it is below fixed_build.
    security_only_build = 3021432;
    installed_build = int(build_match[1]);

    if (installed_build >= fixed_build || installed_build == security_only_build)
    {
      audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", esxi_version - "ESXi " + " build " + installed_build);
    }
    else
    {
      if (report_verbosity > 0)
      {
        details = '\n  ESXi version    : ' + esxi_version +
                  '\n  Installed build : ' + installed_build +
                  '\n  Fixed build     : ' + fixed_build +
                  '\n';
        security_warning(port:0, extra:details);
      }
      else security_warning(0);
    }