VMSA-2009-0003 : ESX 2.5.5 patch 12 updates service console package ed

High severity, Nessus Plugin ID 40388

Synopsis

The remote VMware ESX host is missing a security-related patch.

Description

a. Updated ESX patch updates Service Console package ed

ed is a line-oriented text editor, used to create, display, and modify text files (both interactively and via shell scripts).

A heap-based buffer overflow was discovered in the way ed, the GNU line editor, processed long file names. An attacker could create a file with a specially crafted name that, when opened in the ed editor, could possibly lead to the execution of arbitrary code.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3916 to this issue.

Solution

Apply the missing patch.

See Also

http://lists.vmware.com/pipermail/security-announce/2009/000051.html

Plugin Details

Severity: High

ID: 40388

File Name: vmware_VMSA-2009-0003.nasl

Version: 1.18

Type: local

Published: 7/27/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:2.5.5

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/26/2009

Reference Information

CVE: CVE-2008-3916

BID: 30815

CWE: 119

VMSA: 2009-0003