VMSA-2011-0007 : VMware ESXi and ESX Denial of Service and third-party updates for Likewise components and ESX Service Console

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing a security-related patch.

Description :

a. ESX/ESXi Socket Exhaustion

By sending malicious network traffic to an ESXi or ESX host, an
attacker could exhaust the available sockets, which would prevent
further connections to the host. If a host becomes inaccessible, its
virtual machines continue to run and keep their network connectivity,
but a reboot of the ESXi or ESX host may be required before the host
can be reached again.

ESXi and ESX hosts may intermittently lose connectivity because of
applications that do not correctly close sockets. If this occurs, an
error message similar to the following may be written to the vpxa
log :

socket() returns -1 (Cannot allocate memory)

An error message similar to the following may be written to the
vmkernel logs :

socreate(type=2, proto=17) failed with error 55
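The two log messages above are the only host-side symptom the advisory gives, so a defender's first check is to watch for them. The following is an added example, not part of the VMware advisory or the Nessus plugin: it scans constructed vpxa and vmkernel log lines for both signatures (generalised to any socket type/proto, not only type=2, proto=17) and flags time windows in which they cluster. The timestamp and "source:" line layout of the sample is an assumption, not a real host's format.

```python
import re
from collections import Counter
from datetime import datetime

# Signatures taken from the advisory text: the vpxa message and the
# vmkernel message written when a host has run out of sockets.
# The vmkernel pattern accepts any type/proto, not only type=2, proto=17.
SIGNATURES = {
    "vpxa": re.compile(r"socket\(\) returns -1 \(Cannot allocate memory\)"),
    "vmkernel": re.compile(r"socreate\(type=\d+, proto=\d+\) failed with error 55"),
}

# Constructed sample lines; the "<timestamp> <source>: <message>" layout
# is an assumption for this example and not a real ESX log format.
SAMPLE_LOG = """\
2011-05-05T10:14:02Z vpxa: [info] heartbeat sent
2011-05-05T10:15:10Z vpxa: [error] socket() returns -1 (Cannot allocate memory)
2011-05-05T10:15:11Z vmkernel: socreate(type=2, proto=17) failed with error 55
2011-05-05T10:15:12Z vmkernel: socreate(type=2, proto=17) failed with error 55
2011-05-05T10:15:40Z vpxa: [error] socket() returns -1 (Cannot allocate memory)
2011-05-05T10:16:05Z vmkernel: socreate(type=1, proto=6) failed with error 55
2011-05-05T10:30:00Z vpxa: [info] heartbeat sent
"""

LINE_RE = re.compile(r"^(\S+) (vpxa|vmkernel): (.*)$")


def parse_hits(text):
    """Return (timestamp, source) for every line matching a signature."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, source, msg = m.groups()
        if SIGNATURES[source].search(msg):
            hits.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), source))
    return hits


def socket_exhaustion_alerts(text, window_minutes=5, threshold=3):
    """Bucket matching lines into fixed windows; return windows at or above threshold."""
    buckets = Counter()
    for ts, _source in parse_hits(text):
        start = ts.replace(second=0, microsecond=0,
                           minute=ts.minute - ts.minute % window_minutes)
        buckets[start] += 1
    return sorted(b.isoformat() for b, n in buckets.items() if n >= threshold)
```

A single match is expected from a leaky application; repeated matches in a short window, especially from both sources, are what indicate the host is out of sockets and may need the patch and a reboot.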

VMware would like to thank Jimmy Scott at inet-solutions.be for
reporting this issue to us.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has
assigned the name CVE-2011-1785 to this issue.

b. Likewise package update

Updates to the vmware-esx-likewise-openldap and
vmware-esx-likewise-krb5 packages address several security issues.

One of the vulnerabilities is specific to Likewise, while the other
vulnerabilities are present in the MIT version of krb5.

An incorrect assert() call in Likewise may lead to termination of the
Likewise-open lsassd service if a username containing an illegal byte
sequence is entered for user authentication when logging in to the
Active Directory domain of the ESXi/ESX host. This would lead to a
denial of service.

The MIT-krb5 vulnerabilities are detailed in MITKRB5-SA-2010-007.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2011-1786 (Likewise-only issue),
CVE-2010-1324, CVE-2010-1323, CVE-2010-4020, CVE-2010-4021 to these
issues.

c. ESX third-party update for Service Console kernel

The Service Console kernel is updated to include a fix for a
security issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2010-2240 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2011/000133.html

Solution :

Apply the missing patch.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 53592

Bugtraq ID: 42505, 45116, 45117, 45118, 45122, 47625, 47627

CVE ID: CVE-2010-1323, CVE-2010-1324, CVE-2010-2240, CVE-2010-4020,
CVE-2010-4021, CVE-2011-1785, CVE-2011-1786