VMSA-2008-0007 : Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX host is missing one or more security-related
patches.

Description :

a. Updated pcre Service Console package addresses several security issues

The pcre package contains the Perl-Compatible Regular Expression library.
pcre is used by various Service Console utilities.

Several security issues were discovered in the way PCRE handles regular
expressions. If an application linked against PCRE parsed a malicious
regular expression, it may have been possible to run arbitrary code as
the user running the application.

VMware would like to thank Ludwig Nussel for reporting these issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.

b. Updated net-snmp Service Console package addresses denial of service

net-snmp is an implementation of the Simple Network Management
Protocol (SNMP). SNMP is used by network management systems to
monitor hosts. By default ESX has this service enabled and its ports
open on the ESX firewall.

A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port could send a
malicious packet causing snmpd to crash, resulting in a denial of
service.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2007-5846 to this issue.

c. Updated OpenPegasus Service Console package fixes overflow condition

OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise
Management (WBEM) broker. These protocols are used by network management
systems to monitor and control hosts. By default ESX has this service
enabled and its ports open on the ESX firewall.

A flaw was discovered in the OpenPegasus CIM management server that
might allow remote attackers to execute arbitrary code. When OpenPegasus
is compiled to use PAM without PEGASUS_USE_PAM_STANDALONE_PROC defined,
its PAM authentication code contains a stack-based buffer overflow.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2008-0003 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2008/000019.html

Solution :

Apply the missing patches. Until they are applied, restricting access to
the snmpd UDP port and the CIM server ports on the ESX firewall reduces
the remote exposure of the net-snmp and OpenPegasus issues, since both
services are enabled and reachable by default.
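The check this plugin performs is a local one: it reads the installed
Service Console RPM versions and compares them with the fixed versions
from the VMware advisory. The following is an added example of that
comparison, written for this page; it is not Tenable's plugin code or
VMware's. It implements rpm's version-segment ordering (numeric runs
compare as integers, alphabetic runs lexically, numeric beats alphabetic,
epoch dominates everything) over the output of
rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n'. The package
names and fixed versions in FIXED_EVR_PLACEHOLDER are hypothetical
placeholders, and SAMPLE_RPM_QA is constructed, not captured from a host;
substitute the real names and versions from the advisory linked above.

```python
import re

# Maximal runs of digits or letters; every other character is a separator.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two RPM version (or release) strings the way rpm does.

    Segments are compared pairwise: numeric vs numeric as integers,
    alphabetic vs alphabetic lexically, and a numeric segment always
    wins over an alphabetic one.  If all shared segments are equal the
    string with more segments is newer.  Returns -1, 0 or 1.
    (Simplified: rpm's tilde/caret pre-release rules are not handled.)
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            xi, yi = int(x), int(y)
            c = (xi > yi) - (xi < yi)
        elif x_num != y_num:
            c = 1 if x_num else -1
        else:
            c = (x > y) - (x < y)
        if c:
            return c
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare two (epoch, version, release) tuples; epoch dominates."""
    if a[0] != b[0]:
        return (a[0] > b[0]) - (a[0] < b[0])
    c = rpmvercmp(a[1], b[1])
    return c if c else rpmvercmp(a[2], b[2])


def parse_rpm_line(line):
    r"""Parse one line of rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n'.

    rpm prints "(none)" for an unset epoch, which counts as epoch 0.
    """
    name, epoch, version, release = line.split()
    return name, (0 if epoch == "(none)" else int(epoch), version, release)


def missing_patches(rpm_qa_output, fixed):
    """Return the names of packages whose installed EVR is older than the fixed EVR."""
    installed = dict(parse_rpm_line(l) for l in rpm_qa_output.splitlines() if l.strip())
    return sorted(name for name, fixed_evr in fixed.items()
                  if name in installed and evr_cmp(installed[name], fixed_evr) < 0)


# HYPOTHETICAL placeholder package names and fixed versions: replace them with
# the real ones from the VMware advisory before using this against a host.
FIXED_EVR_PLACEHOLDER = {
    "pcre": (0, "4.5", "3.vmw"),
    "net-snmp": (0, "5.0.9", "2.30E.25.vmw"),
    "openpegasus": (0, "2.5", "2.vmw"),
}

# Constructed sample of rpm output from a Service Console; not captured from a real host.
SAMPLE_RPM_QA = """\
pcre (none) 4.5 2.el3.vmw
net-snmp (none) 5.0.9 2.30E.24.vmw
openpegasus (none) 2.5 2.vmw
"""

if __name__ == "__main__":
    for name in missing_patches(SAMPLE_RPM_QA, FIXED_EVR_PLACEHOLDER):
        print("missing patch:", name)
```

Comparing the release string matters as much as the version: vendor
rebuilds that fix a CVE usually bump only the release
(2.30E.24.vmw to 2.30E.25.vmw in the constructed sample), so a check that
looks at %{VERSION} alone would report the host as patched.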

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 40377

Bugtraq ID: 26378
26727

CVE ID: CVE-2006-7228
CVE-2007-1660
CVE-2007-5846
CVE-2008-0003