VMSA-2009-0006 : VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing a security-related patch.

Description :

a. Host code execution vulnerability from a guest operating system

A critical vulnerability in the virtual machine display function
might allow a guest operating system to run code on the host.

This issue is different from the vulnerability in a guest virtual
device driver reported in VMware security advisory VMSA-2009-0005
on 2009-04-03. That vulnerability can cause a potential denial of
service and is identified by CVE-2008-4916.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-1244 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2009/000055.html

Solution :

Apply the missing patch.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 40391

Bugtraq ID:

CVE ID: CVE-2009-1244