Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File http-vmware-path-vuln

Script types: portrule
Categories: vuln, safe
Download: http://nmap.org/svn/scripts/http-vmware-path-vuln.nse

User Summary

Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733).

The vulnerability was originally released by Justin Morehouse and Tony Flick, who presented at Shmoocon 2010 (http://fyrmassociates.com/tools.html).

Script Arguments

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap --script http-vmware-path-vuln -p80,443,8222,8333 <host>

Script Output

| http-vmware-path-vuln:
|   VMWare path traversal (CVE-2009-3733): VULNERABLE
|     /vmware/Windows 2003/Windows 2003.vmx
|     /vmware/Pentest/Pentest - Linux/Linux Pentest Bravo.vmx
|     /vmware/Pentest/Pentest - Windows/Windows 2003.vmx
|     /mnt/vmware/vmware/FreeBSD 7.2/FreeBSD 7.2.vmx
|     /mnt/vmware/vmware/FreeBSD 8.0/FreeBSD 8.0.vmx
|     /mnt/vmware/vmware/FreeBSD 8.0 64-bit/FreeBSD 8.0 64-bit.vmx
|_    /mnt/vmware/vmware/Slackware 13 32-bit/Slackware 13 32-bit.vmx

Requires


Author: Ron Bowes

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault