VMware ESX Server / ESXi Virtual Machine File Descriptors
VMware ESX Server / ESXi Virtual Machine File Descriptors Security Bypass Vulnerability
Release Date : 2013-12-23
Criticality level : Less critical
Impact : Security Bypass
Where : From local network
Solution Status : Vendor Patch
Software : VMware ESX Server 4.x, VMware ESXi 4.x, VMware ESXi 5.x
A vulnerability has been reported in VMware ESX Server and VMware ESXi, which can be exploited by malicious users to bypass certain security restrictions.
The vulnerability is caused due to an error when handling certain Virtual Machine file descriptors, which can be exploited to gain read and write access to otherwise restricted, arbitrary files and potentially execute arbitrary code on a host after a reboot.
Successful exploitation requires the "Add Existing Disk" privilege, e.g. via the vCenter Server permissions "Virtual Machine Power User" or "Resource Pool Administrator".
Note: Additionally this can be exploited by malicious, local users to gain read and write access to otherwise restricted, arbitrary files.
The vulnerability is reported in VMware ESX Server versions 4.0 and 4.1 and VMware ESXi versions 4.0, 4.1, 5.0, 5.1, and 5.5.
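Because exploitation depends on the "Add Existing Disk" privilege, the following added example (not part of the original advisory or of any vendor tooling) lists which vCenter principals currently hold it. It assumes VMware PowerCLI is installed and a Connect-VIServer session to the vCenter Server is already open.

```powershell
# Added example: audit which users/groups hold the "Add Existing Disk" privilege.
# Assumption: VMware PowerCLI is loaded and Connect-VIServer has already been run.

# vSphere privilege ID behind the "Add existing disk" permission.
$privilegeId = 'VirtualMachine.Config.AddExistingDisk'

# Every role (built-in or custom) whose privilege list contains that ID.
$roles = Get-VIRole | Where-Object { $_.PrivilegeList -contains $privilegeId }

if (-not $roles) {
    Write-Output "No role grants $privilegeId."
    return
}

$roleNames = @($roles | Select-Object -ExpandProperty Name)
Write-Output "Roles granting ${privilegeId}: $($roleNames -join ', ')"

# Permissions that bind one of those roles to a principal on an inventory object.
# Propagate = True means the grant also applies to child objects.
Get-VIPermission |
    Where-Object { $roleNames -contains $_.Role } |
    Sort-Object Principal |
    Select-Object Principal, IsGroup, Role,
        @{ Name = 'Entity'; Expression = { $_.Entity.Name } },
        Propagate |
    Format-Table -AutoSize
```

The output covers only the vCenter permission path; the local-user case in the Note above is not visible through role assignments.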
Provided and/or discovered by:
The vendor credits Shanon Olsson via JPCERT.