VMSA-2011-0010 : VMware ESX third-party updates for Service Console packages glibc and dhcp

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The remote VMware ESX host is missing one or more security-related

Description :

a. Service Console update for DHCP

The DHCP client daemon, dhclient, does not properly sanitize
certain options in DHCP server replies. An attacker could send a
specially crafted DHCP server reply that is saved on
the client system and evaluated by a process that assumes the
option is trusted. This could lead to arbitrary code execution
with the privileges of the evaluating process.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2011-0997 to this issue.

b. Service Console update for glibc

This patch updates the glibc package for ESX service console to
glibc-2.5-58.7602.vmw. This fixes multiple security issues in
glibc, glibc-common and nscd including possible local privilege

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifiers CVE-2010-0296, CVE-2011-0536,
CVE-2011-1095, CVE-2011-1071, CVE-2011-1658 and CVE-2011-1659 to
these issues.

See also :


Solution :

Apply the missing patches.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 55747

Bugtraq ID: 44154

CVE ID: CVE-2010-0296
