VMSA-2010-0019 : VMware ESX third-party updates for Service Console

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX host is missing one or more security-related
patches.

Description :

a. Service Console update for samba

The service console package samba is updated to version
3.0.9-1.3E.18.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-3069 to this issue.

b. Service Console update for bzip2

The service console package bzip2 is updated to version
1.0.2-14.EL3 in ESX 3.x and version 1.0.3-6 in ESX
4.x.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0405 to this issue.

c. Service Console update for OpenSSL

The service console package openssl is updated to version
0.9.7a-33.26.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-0590, CVE-2009-2409 and
CVE-2009-3555 to the issues addressed in this update.

See also :

http://lists.vmware.com/pipermail/security-announce/2011/000134.html

Solution :

Apply the missing patches.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 51077

Bugtraq ID: 34256, 36881, 36935, 43212, 43331

CVE ID: CVE-2009-0590, CVE-2009-2409, CVE-2009-3555, CVE-2010-0405, CVE-2010-3069