VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX host is missing one or more security-related
patches.

Description :

a. Service Console update for DHCP and third-party library update
for DHCP client.

DHCP is an Internet-standard protocol by which a computer can be
connected to a local network, ask to be given configuration
information, and receive from a server enough information to
configure itself as a member of that network.

A stack-based buffer overflow in the script_write_params method in
ISC DHCP dhclient allows remote DHCP servers to execute arbitrary
code via a crafted subnet-mask option.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-0692 to this issue.

An insecure temporary file use flaw was discovered in the DHCP
daemon's init script ('/etc/init.d/dhcpd'). A local attacker could
use this flaw to overwrite an arbitrary file with the output of the
'dhcpd -t' command via a symbolic link attack, if a system
administrator executed the DHCP init script with the 'configtest',
'restart', or 'reload' option.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-1893 to this issue.

b. Updated Service Console package kernel

Service Console package kernel update to version
kernel-2.4.21-58.EL.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-4210, CVE-2008-3275, CVE-2008-0598,
CVE-2008-2136, CVE-2008-2812, CVE-2007-6063, CVE-2008-3525 to the
security issues fixed in kernel-2.4.21-58.EL

c. JRE Security Update

JRE update to version 1.5.0_18, which addresses multiple security
issues that existed in earlier releases of JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_17: CVE-2008-2086, CVE-2008-5347, CVE-2008-5348,
CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352,
CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357,
CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2008-5339,
CVE-2008-5342, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346,
CVE-2008-5340, CVE-2008-5341, CVE-2008-5343, and CVE-2008-5355.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,
CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.

See also :

http://lists.vmware.com/pipermail/security-announce/2010/000076.html

Solution :

Apply the missing patches.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true