VMSA-2009-0009 : ESX Service Console updates for udev, sudo, and curl

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX host is missing one or more security-related
patches.

Description :

a. Service Console package udev

The udev program did not verify whether a NETLINK message
originates from kernel space, which allows local users to gain
privileges by sending a NETLINK message from user space.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-1185 to this issue.

Please see http://kb.vmware.com/kb/1011786 for details.

b. Service Console package sudo

Service Console package for sudo has been updated to version
sudo-1.6.9p17-3. This fixes the following issue: Sudo versions
1.6.9p17 through 1.6.9p19 do not properly interpret a system group
in the sudoers file during authorization decisions for a user who
belongs to that group, which might allow local users to leverage an
applicable sudoers file and gain root privileges by using a sudo
command.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-0034 to this issue.

Please see http://kb.vmware.com/kb/1011781 for more details.

c. Service Console package curl

Service Console package for curl has been updated to version
curl-7.15.5-2.1. This fixes the following issue: The redirect
implementation in curl and libcurl 5.11 through 7.19.3, when
CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location
values, which might allow remote HTTP servers to trigger arbitrary
requests to intranet servers, read or overwrite arbitrary files by
using a redirect to a file: URL, or execute arbitrary commands by
using a redirect to an scp: URL.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-0037 to this issue.

Please see http://kb.vmware.com/kb/1011782 for details.

See also :

http://lists.vmware.com/pipermail/security-announce/2009/000060.html

Solution :

Apply the missing patches.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 52011

Bugtraq ID: 33517, 33962, 34536

CVE ID: CVE-2009-0034, CVE-2009-0037, CVE-2009-1185