Executive Summary
Summary | |
---|---|
Title | - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation |
Informations | |||
---|---|---|---|
Name | VMSA-2014-0005 | First vendor Publication | 2014-05-29 |
Vendor | VMware | Last vendor Modification | 2014-05-29 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.8 | Attack Range | Adjacent network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 6.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
a. Guest privilege escalation in VMware Tools A kernel NULL dereference vulnerability was found in VMware Tools running on Microsoft Windows 8.1. Successful exploitation of this issue could lead to an escalation of privilege in the guest operating system. VMware would like to thank Tavis Ormandy from the Google Security Team for reporting this issue to us. The vulnerability does not allow for privilege escalation from the Guest Operating System to the host. This means that host memory can not be manipulated from the Guest Operating System. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3793 to this issue. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2014-0005.html |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 2 | |
Application | 2 | |
Os | 6 |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-06-05 | IAVM : 2014-B-0068 - VMware ESXi 5.0 Privilege Escalation Vulnerability Severity : Category I - VMSKEY : V0051851 |
2014-06-05 | IAVM : 2014-B-0070 - VMware ESXi 5.5 Privilege Escalation Vulnerability Severity : Category I - VMSKEY : V0051855 |
2014-06-05 | IAVM : 2014-B-0069 - VMware ESXi 5.1 Privilege Escalation Vulnerability Severity : Category I - VMSKEY : V0051857 |
2014-01-30 | IAVM : 2014-A-0019 - Multiple Vulnerabilities in VMware Fusion Severity : Category I - VMSKEY : V0043844 |
2013-11-21 | IAVM : 2013-A-0221 - Multiple Vulnerabilties in VMware Player Severity : Category II - VMSKEY : V0042382 |
2013-11-21 | IAVM : 2013-A-0222 - Multiple Vulnerabilties in VMware Workstation Severity : Category II - VMSKEY : V0042383 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-12-30 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0005_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-02 | Name : The remote host has a virtualization application that is affected by a privil... File : macosx_fusion_vmsa_2014_0005.nasl - Type : ACT_GATHER_INFO |
2014-06-02 | Name : The remote host contains software that is affected by a privilege escalation ... File : vmware_player_linux_vmsa_2014_0005.nasl - Type : ACT_GATHER_INFO |
2014-06-02 | Name : The remote host contains software that is affected by a privilege escalation ... File : vmware_player_priv_esc_vmsa_2014-0005.nasl - Type : ACT_GATHER_INFO |
2014-06-02 | Name : The remote host has a virtualization application that is affected by a privil... File : vmware_workstation_linux_vmsa_2014_0005.nasl - Type : ACT_GATHER_INFO |
2014-06-02 | Name : The remote host has a virtualization application that is affected by a privil... File : vmware_workstation_priv_esc_vmsa_2014_0005.nasl - Type : ACT_GATHER_INFO |
2014-05-30 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0005.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-12-31 13:26:17 |
|
2014-06-06 21:22:25 |
|
2014-06-05 21:26:39 |
|
2014-06-03 13:23:33 |
|
2014-06-03 00:24:15 |
|
2014-05-31 17:24:08 |
|
2014-05-31 13:23:55 |
|
2014-05-30 09:20:20 |
|