Summary
VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
Solution
Apply the missing patch(es).
Insight
a. VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
VMware ESXi and ESX contain a vulnerability in the handling of certain Virtual Machine file descriptors. This issue may allow an unprivileged vCenter Server user with the privilege "Add Existing Disk" to obtain read and write access to arbitrary files on ESXi or ESX. On ESX, an unprivileged local user may obtain read and write access to arbitrary files. Modifying certain files may allow for code execution after a host reboot.
Unpriviledged vCenter Server users or groups that are assigned the predefined role "Virtual Machine Power User" or "Resource Pool Administrator" have the privilege "Add Existing Disk".
The issue cannot be exploited through VMware vCloud Director.
Workaround
A workaround is provided in VMware Knowledge Base article 2066856.
Mitigation
In a default vCenter Server installation no unprivileged users or groups are assigned the predefined role "Virtual Machine Power User" or "Resource Pool Administrator". Restrict the number of vCenter Server users that have the privilege "Add Existing Disk".
Affected
VMware ESXi 5.5 Build < 1474526
VMware ESXi 5.1 Build < 1312874
VMware ESXi 5.0 Build < 1311177
Detection
Check the build number.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-5973 -
CVSS Base Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
- Avant Browser Address Bar Spoofing Vulnerability
- Apple Safari WebKit Information Disclosure Vulnerability (Windows)
- Adobe Reader Information Disclosure Vulnerability Jun05 (Windows)