exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2013-0014

VMware Security Advisory 2013-0014
Posted Dec 5, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0014 - VMware Workstation, Fusion, ESXi and ESX patches address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems.

tags | advisory
systems | windows
advisories | CVE-2013-3519
SHA-256 | 8f9cff72a0ccf5698417351f83db26499274ced107b280c2dbb84eec5ebddcb1

VMware Security Advisory 2013-0014

Change Mirror Download
Hash: SHA1

- -----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2013-0014
Synopsis: VMware Workstation, Fusion, ESXi and ESX patches
address a guest privilege escalation
Issue date: 2013-12-03
Updated on: 2013-12-03 (initial advisory)
CVE number: CVE-2013-3519
- -----------------------------------------------------------------------

1. Summary

VMware Workstation, Fusion, ESXi and ESX patches address a
vulnerability in the LGTOSYNC.SYS driver which could result in a
privilege escalation on older Windows-based Guest Operating Systems.

2. Relevant releases

VMware Workstation 9.x prior to version 9.0.3

VMware Player 5.x prior to version 5.0.3

VMware Fusion 5.x prior to version 5.0.4

VMware ESXi 5.1 without patch ESXi510-201304102
VMware ESXi 5.0 without patch ESXi500-201303102
VMware ESXi 4.1 without patch ESXi410-201301402
VMware ESXi 4.0 without patch ESXi400-201305401

VMware ESX 4.1 without patch ESX410-201301401
VMware ESX 4.0 without patch ESX400-201305401

3. Problem Description

a. VMware LGTOSYNC privilege escalation.

VMware ESX, Workstation and Fusion contain a vulnerability
in the handling of control code in lgtosync.sys. A local
malicious user may exploit this vulnerability to manipulate the
memory allocation. This could result in a privilege
escalation on 32-bit Guest Operating Systems running Windows 2000
Server, Windows XP or Windows 2003 Server on ESXi and ESX; or
Windows XP on Workstation and Fusion.

The vulnerability does not allow for privilege escalation
from the Guest Operating System to the host. This means
that host memory can not be manipulated from the Guest
Operating System.

VMware would like to thank Derek Soeder of Cylance, Inc. for
reporting this issue to us.

The Common Vulnerabilityies and Exposures project (cve.mitre.org)
has assigned the name CVE-2013-3519 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is

VMware Product Running Replace with/
Product Version on Apply Patch*
============= ======= ======= =================
Workstation 10.x any not affected
Workstation 9.x any 9.0.3 or later

Player 6.x Windows not affected
Player 5.x Windows 5.0.3 or later

Fusion 6.x Mac OS/X not affected
Fusion 5.x Mac OS/X 5.0.4 or later

ESXi 5.5 ESXi not affected
ESXi 5.1 ESXi ESXi510-201304102-SG
ESXi 5.0 ESXi ESXi500-201303102-SG
ESXi 4.1 ESXi ESXi410-201301402-SG
ESXi 4.0 ESXi ESXi400-201305401-SG

ESX 4.1 ESX ESX410-201301401-SG
ESX 4.0 ESX ESX400-201305401-SG

* Notes on updating VMware Guest Tools:

After the update or patch is applied, VMware Guest Tools must
be updated in any pre-existing Windows-based Guest Operating
System followed by a reboot of the guest system.

4. Solution

Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.

VMware Workstation

VMware Player

VMware Fusion

ESXi and ESX

ESXi 5.1
File: update-from-esxi5.1-5.1_update01.zip
md5sum: 28b8026bcfbe3cd1817509759d4b61d6
sha1sum: 9d3124d3c5efa6d0c3b9ba06511243fc6e205542
update-from-esxi5.1-5.1_update01.zip contains ESXi510-201304102-SG

ESXi 5.0
File: ESXi500-201303001.zip
md5sum: c62470c48e81da84891c79d5533c8e91
sha1sum: 69fe8933888d2a6c4e53cfe822441c963bdcd2c7
ESXi500-201303001.zip contains ESXi500-201303102-SG

ESXi 4.1
File: ESXi410-201301001.zip
md5sum: 2fce8e96048b5f80354e90a1b9e7776c
sha1sum: d38283afafe7e27fc64f11cf780e0f1577f98c6c
ESXi410-201301001 contains ESXi410-201301402-SG

ESXi 4.0
File: ESXi400-201305001.zip
md5sum: 065d3fa4b0f52dd38c2bd92e5bfc5580
sha1sum: 1f3cab25a144746372d86071a47e569c439e276a
ESXi400-201305001 contains ESXi400-201305401-SG

ESX 4.1
File: ESX410-201301001.zip
md5sum: a8685fff822d6fd2d112db20f223d8fd
sha1sum: 4f5e6d0d11c5666bcf7488b0a970e052c77c73f0
ESX410-201301001 contains ESX410-201301401-SG

ESX 4.0
File: ESX400-201305001.zip
md5sum: c9ac91d3d803c7b7cb9df401c20b91c0
sha1sum: 7f5cef274c709248daa56d8c0e6fcc1ba86ae411
ESX400-201305001 contains ESX400-201305401-SG

5. References


- -----------------------------------------------------------------------

6. Change log

2013-12-03 VMSA-2013-0014
Initial security advisory in conjunction with the release of VMware
Fusion 5.0.4 on 2013-12-03.

- -----------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories

VMware security response policy

General support life cycle policy

VMware Infrastructure support life cycle policy

Copyright 2013 VMware Inc. All rights reserved.

Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8

Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By