Summary
VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
Solution
Apply the missing patch(es).
Insight
a. VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
VMware ESXi and ESX contain a vulnerability in the handling of certain Virtual Machine file descriptors. This issue may allow an unprivileged vCenter Server user with the privilege "Add Existing Disk" to obtain read and write access to arbitrary files on ESXi or ESX. On ESX, an unprivileged local user may obtain read and write access to arbitrary files. Modifying certain files may allow for code execution after a host reboot.
Unpriviledged vCenter Server users or groups that are assigned the predefined role "Virtual Machine Power User" or "Resource Pool Administrator" have the privilege "Add Existing Disk".
The issue cannot be exploited through VMware vCloud Director.
Workaround
A workaround is provided in VMware Knowledge Base article 2066856.
Mitigation
In a default vCenter Server installation no unprivileged users or groups are assigned the predefined role "Virtual Machine Power User" or "Resource Pool Administrator". Restrict the number of vCenter Server users that have the privilege "Add Existing Disk".
Affected
VMware ESXi 5.5 without patch ESXi550-201312001
VMware ESXi 5.1 without patch ESXi510-201310001
VMware ESXi 5.0 without patch update-from-esxi5.0-5.0_update03 VMware ESXi 4.1 without patch ESXi410-201312001
VMware ESXi 4.0 without patch ESXi400-201310001
VMware ESX 4.1 without patch ESX410-201312001
VMware ESX 4.0 without patch ESX400-201310001
Detection
Checks for missing patches.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-5973 -
CVSS Base Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- VMSA-2014-0002 VMware vSphere updates to third party libraries
- VMSA-2014-0004 VMware product updates address OpenSSL security vulnerabilities
- VMSA-2012-0018: VMware security updates for vCSA and ESXi
- VMSA-2014-0006: VMware product updates address OpenSSL security vulnerabilities
- VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX