Sign-up

ID

VAR-201405-0538


CVE

CVE-2014-3793


TITLE

plural VMware Product VMware Tools Guest in OS Vulnerabilities that have been granted permission

Trust: 0.8

sources: JVNDB: JVNDB-2014-002691

DESCRIPTION

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Multiple VMware products are prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges on the guest operating system. The following products are affected: VMware Workstation 10.x prior to version 10.0.2 VMware Player 6.x prior to version 6.0.2 VMware Fusion 6.x prior to version 6.0.3 ESXi 5.5 without patch ESXi550-201403102-SG ESXi 5.1 without patch ESXi510-201404102-SG ESXi 5.0 without patch ESXi500-201405102-SG. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2014-0005 Synopsis: VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation Issue date: 2014-05-29 Updated on: 2014-05-29 (initial advisory) CVE numbers: CVE-2014-3793 - ------------------------------------------------------------------------- 1. 2. Problem Description a. VMware would like to thank Tavis Ormandy from the Google Security Team for reporting this issue to us. This means that host memory can not be manipulated from the Guest Operating System. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3793 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. ** Workstation 9.x, Player 5.x and Fusion 5.x do not support Windows 8.1 Guest Operating Systems 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3793 - ------------------------------------------------------------------------- 6. Change Log 2014-05-29 VMSA-2014-0005 Initial security advisory in conjunction with the release of ESXi 5.0 patches on 2014-05-29 - ------------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * fulldisclosure at seclists.org E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html Twitter https://twitter.com/VMwareSRC Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15337) Charset: utf-8 wj8DBQFTiAIMDEcm8Vbi9kMRAgJiAKCI3namsqifeWwPKML6Gk2u+206PgCg2BFN Ik+PbexzXJiOjs0MAzONaw4= =nKGT -----END PGP SIGNATURE-----

Trust: 1.98

sources: NVD: CVE-2014-3793 // JVNDB: JVNDB-2014-002691 // BID: 67737 // PACKETSTORM: 126869

AFFECTED PRODUCTS

vendor:vmwaremodel:esxiscope:eqversion:5.1

Trust: 2.7

vendor:vmwaremodel:esxiscope:eqversion:5.5

Trust: 2.7

vendor:vmwaremodel:esxiscope:eqversion:5.0

Trust: 2.1

vendor:vmwaremodel:fusionscope:eqversion:6.0.1

Trust: 1.9

vendor:vmwaremodel:playerscope:eqversion:6.0

Trust: 1.9

vendor:vmwaremodel:playerscope:eqversion:6.0.1

Trust: 1.9

vendor:vmwaremodel:fusionscope:eqversion:6.0.2

Trust: 1.9

vendor:vmwaremodel:workstationscope:eqversion:10.0.1

Trust: 1.6

vendor:vmwaremodel:fusionscope:eqversion:6.0

Trust: 1.6

vendor:vmwaremodel:workstationscope:eqversion:10.0

Trust: 1.6

vendor:vmwaremodel:workstationscope:ltversion:10.x

Trust: 0.8

vendor:vmwaremodel:fusionscope:eqversion:6.0.3

Trust: 0.8

vendor:vmwaremodel:fusionscope:ltversion:6.x

Trust: 0.8

vendor:vmwaremodel:playerscope:eqversion:6.0.2

Trust: 0.8

vendor:vmwaremodel:workstationscope:eqversion:10.0.2

Trust: 0.8

vendor:vmwaremodel:playerscope:ltversion:6.x

Trust: 0.8

vendor:vmwaremodel:esxi esxi500-20131010scope:eqversion:5.0

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:5.01

Trust: 0.3

vendor:vmwaremodel:workstation mp2scope:eqversion:10.0

Trust: 0.3

vendor:vmwaremodel:workstation build-1379776scope:eqversion:10.0.1

Trust: 0.3

vendor:vmwaremodel:esxi updatescope:eqversion:5.01

Trust: 0.3

vendor:vmwaremodel:esxi esxi510-20131010scope:eqversion:5.1

Trust: 0.3

vendor:vmwaremodel:playerscope:neversion:6.0.2

Trust: 0.3

vendor:vmwaremodel:esxi esxi550-20140310scope:neversion:5.5

Trust: 0.3

vendor:vmwaremodel:esxi esxi500-2014051scope:neversion:5.0

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:5.02

Trust: 0.3

vendor:vmwaremodel:esxi esxi510-20140410scope:neversion:5.1

Trust: 0.3

vendor:vmwaremodel:workstationscope:neversion:10.0.2

Trust: 0.3

vendor:vmwaremodel:fusionscope:neversion:6.0.3

Trust: 0.3

vendor:vmwaremodel:esxi esxi510-20140110scope:eqversion:5.1

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:5.11

Trust: 0.3

vendor:vmwaremodel:esxi esxi550-20131210scope:eqversion:5.5

Trust: 0.3

sources: BID: 67737 // JVNDB: JVNDB-2014-002691 // CNNVD: CNNVD-201405-590 // NVD: CVE-2014-3793

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2014-3793
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201405-590
value: MEDIUM

Trust: 0.6

NVD: CVE-2014-3793
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2014-002691 // CNNVD: CNNVD-201405-590 // NVD: CVE-2014-3793

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-002691 // NVD: CVE-2014-3793

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201405-590

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201405-590

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2014-3793

PATCH
title:VMSA-2014-0005url:http://www.vmware.com/security/advisories/vmsa-2014-0005.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002691

EXTERNAL IDS
db:NVDid:CVE-2014-3793
Trust: 2.8
db:PACKETSTORMid:126869
Trust: 1.1
db:SECUNIAid:58894
Trust: 1.0
db:SECTRACKid:1030311
Trust: 1.0
db:SECTRACKid:1030310
Trust: 1.0
db:JVNDBid:JVNDB-2014-002691
Trust: 0.8
db:CNNVDid:CNNVD-201405-590
Trust: 0.6
db:BIDid:67737
Trust: 0.3
sources:
            
            
            BID: 67737 // 
            
            
            
            JVNDB: JVNDB-2014-002691 // 
            
            
            
            PACKETSTORM: 126869 // 
            
            
            
            CNNVD: CNNVD-201405-590 // 
            
            
            
            NVD: CVE-2014-3793

REFERENCES
url:http://www.vmware.com/security/advisories/vmsa-2014-0005.html
Trust: 1.9
url:http://www.securitytracker.com/id/1030310
Trust: 1.0
url:http://secunia.com/advisories/58894
Trust: 1.0
url:http://www.securitytracker.com/id/1030311
Trust: 1.0
url:http://packetstormsecurity.com/files/126869/vmware-security-advisory-2014-0005.html
Trust: 1.0
url:http://www.securityfocus.com/archive/1/532236/100/0/threaded
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3793
Trust: 0.9
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3793
Trust: 0.8
url:http://www.vmware.com
Trust: 0.3
url:https://www.vmware.com/go/downloadfusion
Trust: 0.1
url:https://twitter.com/vmwaresrc
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-3793
Trust: 0.1
url:http://kb.vmware.com/kb/2075521
Trust: 0.1
url:http://kb.vmware.com/kb/2065832
Trust: 0.1
url:https://www.vmware.com/support/policies/lifecycle.html
Trust: 0.1
url:http://kb.vmware.com/kb/1055
Trust: 0.1
url:http://www.vmware.com/security/advisories
Trust: 0.1
url:https://www.vmware.com/go/downloadworkstation
Trust: 0.1
url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
Trust: 0.1
url:https://www.vmware.com/support/policies/security_response.html
Trust: 0.1
url:http://kb.vmware.com/kb/2070666
Trust: 0.1
url:https://www.vmware.com/go/downloadplayer
Trust: 0.1
sources:
            
            
            BID: 67737 // 
            
            
            
            JVNDB: JVNDB-2014-002691 // 
            
            
            
            PACKETSTORM: 126869 // 
            
            
            
            CNNVD: CNNVD-201405-590 // 
            
            
            
            NVD: CVE-2014-3793

CREDITS
Tavis Ormandy from the Google Security Team
Trust: 0.3
sources:
            
            
            BID: 67737

SOURCES
db:BIDid:67737
db:JVNDBid:JVNDB-2014-002691
db:PACKETSTORMid:126869
db:CNNVDid:CNNVD-201405-590
db:NVDid:CVE-2014-3793

LAST UPDATE DATE
2022-05-04T09:12:23.053000+00:00

SOURCES UPDATE DATE
db:BIDid:67737date:2014-05-29T00:00:00
db:JVNDBid:JVNDB-2014-002691date:2014-06-16T00:00:00
db:CNNVDid:CNNVD-201405-590date:2014-06-04T00:00:00
db:NVDid:CVE-2014-3793date:2018-10-09T19:47:00

SOURCES RELEASE DATE
db:BIDid:67737date:2014-05-29T00:00:00
db:JVNDBid:JVNDB-2014-002691date:2014-06-03T00:00:00
db:PACKETSTORMid:126869date:2014-05-31T00:00:43
db:CNNVDid:CNNVD-201405-590date:2014-05-31T00:00:00
db:NVDid:CVE-2014-3793date:2014-05-31T11:17:00