VMSA-2009-0001 : ESX patches address an issue loading corrupt virtual disks and update Service Console packages

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing one or more
security-related patches.

Description :

a. Loading a corrupt delta disk may cause ESX to crash

If the VMDK delta disk of a snapshot is corrupt, an ESX host might
crash when the corrupted disk is loaded. VMDK delta files exist
for virtual machines with one or more snapshots. This change ensures
that a corrupt VMDK delta file cannot be used to crash ESX hosts.

A corrupt VMDK delta disk or virtual machine would have to be loaded
by an administrator.

VMware would like to thank Craig Marshall for reporting this issue.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-4914 to this issue.

b. Updated Service Console package net-snmp

Net-SNMP is an implementation of the Simple Network Management
Protocol (SNMP). SNMP is used by network management systems to
monitor hosts.

A denial-of-service flaw was found in the way Net-SNMP processes
SNMP GETBULK requests. A remote attacker who issued a specially
crafted request could cause the snmpd server to crash.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-4309 to this issue.

c. Updated Service Console package libxml2

An integer overflow flaw causing a heap-based buffer overflow was
found in the libxml2 XML parser. If an application linked against
libxml2 processed untrusted, malformed XML content, it could cause
the application to crash or, possibly, execute arbitrary code.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has
assigned the name CVE-2008-4226 to this issue.

A denial of service flaw was discovered in the libxml2 XML parser.
If an application linked against libxml2 processed untrusted,
malformed XML content, it could cause the application to enter
an infinite loop.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-4225 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2009/000052.html

Solution :

Apply the missing patches.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 40387

Bugtraq ID: 32020

CVE ID: CVE-2008-4225
CVE-2008-4226
CVE-2008-4309
CVE-2008-4914