VMSA-2009-0015 : VMware hosted products and ESX patches resolve two security issues

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing one or more
security-related patches.

Description :

a. Mishandled exception on page faults

An improper setting of the exception code on page faults may allow
for local privilege escalation on the guest operating system. This
vulnerability does not affect the host system.

VMware would like to thank Tavis Ormandy and Julien Tinnes of the
Google Security Team for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2267 to this issue.

b. Directory Traversal vulnerability

A directory traversal vulnerability allows for remote retrieval of
any file from the host system. In order to send a malicious request,
the attacker will need to have access to the network on which the
host resides.

VMware would like to thank Justin Morehouse and Jason Kratzer for
independently reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-3733 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2009/000069.html

Solution :

Apply the missing patches.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 42289

CVE ID: CVE-2009-2267, CVE-2009-3733