VMware Studio 2.x < 2.1 Multiple Vulnerabilities

This script is (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote VMware host is missing one or more security-related
patches.

Description :

The version of VMware Studio installed on the remote host is 2.x prior
to 2.1. It is, therefore, potentially affected by multiple
vulnerabilities :

- An authenticated code execution vulnerability exists in
the Virtual Appliance Management Infrastructure.
(CVE-2010-2667)

- A local privilege escalation vulnerability exists.
(CVE-2010-2427)

See also :

http://www.vmware.com/security/advisories/VMSA-2010-0011.html
http://lists.vmware.com/pipermail/security-announce/2010/000101.html

Solution :

Upgrade to VMware Studio 2.1.0 or later.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 52013 ()

Bugtraq ID: 41566
41568

CVE ID: CVE-2010-2427
CVE-2010-2667