Summary
VMware Workstation, Fusion, ESXi and ESX patches
address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems.
Solution
Apply the missing patch(es).
Insight
a. VMware LGTOSYNC privilege escalation.
VMware ESX, Workstation and Fusion contain a vulnerability in the handling of control code in lgtosync.sys. A local malicious user may exploit this vulnerability to manipulate the memory allocation. This could result in a privilege escalation on 32-bit Guest Operating Systems running Windows 2000 Server, Windows XP or Windows 2003 Server on ESXi and ESX
or Windows XP on Workstation and Fusion.
The vulnerability does not allow for privilege escalation from the Guest Operating System to the host. This means that host memory can not be manipulated from the Guest Operating System.
Affected
VMware Workstation 9.x prior to version 9.0.3
VMware Player 5.x prior to version 5.0.3
VMware Fusion 5.x prior to version 5.0.4
VMware ESXi 5.1 without patch ESXi510-201304102
VMware ESXi 5.0 without patch ESXi500-201303102
VMware ESXi 4.1 without patch ESXi410-201301402
VMware ESXi 4.0 without patch ESXi400-201305401
VMware ESX 4.1 without patch ESX410-201301401
VMware ESX 4.0 without patch ESX400-201305401
Detection
Checks for missing patches.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-3519 -
CVSS Base Score: 7.9
AV:A/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
- VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console
- VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX Service Console
- VMSA-2012-0006 VMware ESXi and ESX address several security issues
- VMSA-2012-0009 VMware Workstation, Player, ESXi and ESX patches address critical security issues