VMSA-2012-0009 : ESXi and ESX patches address critical security issues (uncredentialed check)

This script is (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX/ESXi host is affected by multiple security
vulnerabilities.

Description :

The remote VMware ESX/ESXi host is affected by the following security
vulnerabilities :

- ESX NFS traffic parsing vulnerability:
Due to a flaw in the handling of NFS traffic, it is
possible to overwrite memory. This vulnerability may
allow a user with access to the network to execute code
on the ESXi/ESX host without authentication. The issue
is not present in cases where there is no NFS traffic.
(CVE-2012-2448)

- VMware floppy device out-of-bounds memory write:
Due to a flaw in the virtual floppy configuration it is
possible to perform an out-of-bounds memory write. This
vulnerability may allow a guest user to crash the VMX
process or potentially execute code on the host. As a
workaround, remove the virtual floppy drive from the
list of virtual IO devices. The VMware hardening guides
recommend removing unused virtual IO devices in general.
Additionally, do not allow untrusted root users in your
virtual machines. Root or Administrator level
permissions are required to exploit this issue.
(CVE-2012-2449)

- VMware SCSI device unchecked memory write:
Due to a flaw in the SCSI device registration it is
possible to perform an unchecked write into memory.
This vulnerability may allow a guest user to crash the
VMX process or potentially execute code on the host. As
a workaround, remove the virtual SCSI controller from
the list of virtual IO devices. The VMware hardening
guides recommend removing unused virtual IO devices in
general. Additionally, do not allow untrusted root users
access to your virtual machines. Root or Administrator
level permissions are required to exploit this issue.
(CVE-2012-2450)
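The two guest-side items above share a workaround: remove the virtual floppy drive and, where it is unused, the virtual SCSI controller from the VM's device list, which is also what the VMware hardening guides recommend for unused virtual IO devices in general. The following is an added example, not code from the advisory or from Tenable's plugin, that audits a VM's `.vmx` configuration for those devices so an administrator can find candidates before or alongside patching. It assumes the usual `<device>.present = "TRUE"` key convention of `.vmx` files (`floppy0.present`, `scsi0.present`, `scsi0:0.present` for a disk on controller 0); the sample configuration embedded in the block is constructed for illustration.

```python
import re

# Constructed sample .vmx content (not taken from the advisory). Keys follow the
# common VMware .vmx convention: "<device>.present", "<controller>:<unit>.present".
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "8"
displayName = "web01"
floppy0.present = "TRUE"
floppy0.fileName = "/vmfs/volumes/datastore1/web01/boot.flp"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsilogic"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "web01.vmdk"
scsi1.present = "TRUE"
scsi1.virtualDev = "lsilogic"
ide1:0.present = "FALSE"
"""

# One .vmx line: key = "value" (keys may contain dots and colons).
_VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Parse .vmx text into a dict; lines that are not key = "value" are ignored."""
    cfg = {}
    for line in text.splitlines():
        m = _VMX_LINE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def present_devices(cfg, prefix):
    """Return controller/device ids (e.g. 'floppy0', 'scsi0') with the given prefix
    whose '<id>.present' is TRUE. Ids containing ':' are units on a controller
    (e.g. 'scsi0:0' is a disk), so they are excluded here."""
    found = []
    for key, val in cfg.items():
        if key.endswith(".present") and val.upper() == "TRUE":
            dev = key[: -len(".present")]
            if dev.startswith(prefix) and ":" not in dev:
                found.append(dev)
    return sorted(found)


def attached_units(cfg, controller):
    """Units (disks etc.) attached to a controller, e.g. 'scsi0:0' for 'scsi0'."""
    return sorted(
        key[: -len(".present")]
        for key, val in cfg.items()
        if key.startswith(controller + ":")
        and key.endswith(".present")
        and val.upper() == "TRUE"
    )


def audit_vmx(text):
    """Report virtual floppy drives and SCSI controllers present in the VM config.
    Unused SCSI controllers (no attached units) are flagged as removable."""
    cfg = parse_vmx(text)
    findings = []
    for dev in present_devices(cfg, "floppy"):
        findings.append(f"{dev}: virtual floppy present; remove it (CVE-2012-2449 workaround)")
    for dev in present_devices(cfg, "scsi"):
        units = attached_units(cfg, dev)
        if units:
            findings.append(
                f"{dev}: SCSI controller in use ({len(units)} unit(s)); "
                f"patch per VMSA-2012-0009 (CVE-2012-2450)"
            )
        else:
            findings.append(
                f"{dev}: SCSI controller with no attached units; remove it "
                f"(unused virtual IO device, CVE-2012-2450 workaround)"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print(finding)
```

Run against the constructed sample, the audit reports the floppy drive, the in-use `scsi0` controller (one attached disk, so patching rather than removal applies) and the unused `scsi1` controller as a removal candidate; `ide1:0` is skipped because its `present` value is FALSE.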

See also :

http://www.vmware.com/security/advisories/VMSA-2012-0009.html
http://lists.vmware.com/pipermail/security-announce/2012/000175.html

Solution :

Apply the missing patches.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

Family: Gain a shell remotely

Nessus Plugin ID: 59447

CVE ID: CVE-2012-2448, CVE-2012-2449, CVE-2012-2450