VMSA-2010-0003 : ESX Service Console update for net-snmp

medium Nessus Plugin ID 44642

Synopsis

The remote VMware ESX host is missing a security-related patch.

Description

a. Service Console package net-snmp updated

This patch updates the service console package for net-snmp, net-snmp-utils, and net-snmp-libs to version net-snmp-5.0.9-2.30E.28. This net-snmp update fixes a divide-by-zero flaw in the snmpd daemon. A remote attacker could issue a specially crafted GETBULK request that could cause the snmpd daemon to fail.

This vulnerability was introduced by an incorrect fix for CVE-2008-4309.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1887 to this issue.

Note: After installing the previous patch for net-snmp (ESX350-200901409-SG), running the snmpbulkwalk command with the parameter -CnX results in no output, and the snmpd daemon stops.

Solution

Apply the missing patch.

See Also

http://lists.vmware.com/pipermail/security-announce/2010/000084.html

Plugin Details

Severity: Medium

ID: 44642

File Name: vmware_VMSA-2010-0003.nasl

Version: 1.14

Type: local

Published: 2/17/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:vmware:esx:3.0.3, cpe:/o:vmware:esx:3.5

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Patch Publication Date: 2/16/2010

Reference Information

CVE: CVE-2009-1887

CWE: 189

VMSA: 2010-0003