VMSA-2009-0004 : ESX Service Console updates for openssl, bind, and vim

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX host is missing one or more security-related
patches.

Description :

a. Updated OpenSSL package for the Service Console fixes a
security issue.

OpenSSL 0.9.7a-33.24 and earlier does not properly check the return
value from the EVP_VerifyFinal function, which could allow a remote
attacker to bypass validation of the certificate chain via a
malformed SSL/TLS signature for DSA and ECDSA keys.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-5077 to this issue.

b. Update bind package for the Service Console fixes a security issue.

A flaw was discovered in the way Berkeley Internet Name Domain
(BIND) checked the return value of the OpenSSL DSA_do_verify
function. On systems using DNSSEC, a malicious zone could present
a malformed DSA certificate and bypass proper certificate
validation, allowing spoofing attacks.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0025 to this issue.

c. Updated vim package for the Service Console addresses several
security issues.

Several input flaws were found in Visual editor IMproved's (Vim)
keyword and tag handling. If Vim looked up a document's maliciously
crafted tag or keyword, it was possible to execute arbitrary code as
the user running Vim.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4101 to this issue.

A heap-based overflow flaw was discovered in Vim's expansion of file
name patterns with shell wildcards. An attacker could create a
specially crafted file or directory name, when opened by Vim causes
the application to stop responding or execute arbitrary code.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-3432 to this issue.

Several input flaws were found in various Vim system functions. If a
user opened a specially crafted file, it was possible to execute
arbitrary code as the user running Vim.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-2712 to this issue.

A format string flaw was discovered in Vim's help tag processor. If
a user was tricked into executing the 'helptags' command on
malicious data, arbitrary code could be executed with the
permissions of the user running VIM.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-2953 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2010/000077.html

Solution :

Apply the missing patches.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true