VMSA-2010-0016 : VMware ESXi and ESX third-party updates for Service Console and Likewise components

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing one or more
security-related patches.

Description :

a. Service Console OS update for COS kernel

This patch updates the service console kernel to fix multiple
security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0415, CVE-2010-0307,
CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1437, and
CVE-2010-1088 to these issues.

b. Likewise package updates

Updates to the likewisekrb5, likewiseopenldap, likewiseopen,
and pamkrb5 packages address several security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-0844, CVE-2009-0845,
CVE-2009-0846, CVE-2009-4212, and CVE-2010-1321 to these issues.

See also :

http://lists.vmware.com/pipermail/security-announce/2011/000116.html

Solution :

Apply the missing patches.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true