CVE-2013-5973 Information

Description

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat (2) -rdm or (3) -rdmp filename.

Reference

http://jvn.jp/en/jp/JVN13154935/index.html http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html http://osvdb.org/101387 http://www.securityfocus.com/archive/1/530482/100/0/threaded http://www.securityfocus.com/bid/64491 http://www.securitytracker.com/id/1029529 http://www.vmware.com/security/advisories/VMSA-2013-0016.html https://exchange.xforce.ibmcloud.com/vulnerabilities/89938