VMSA-2012-0011 : VMware hosted products and ESXi and ESX patches address security issues

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing a security-related patch.

Description :

a. VMware Host Checkpoint file memory corruption

Input data is not properly validated when loading Checkpoint files.
This may allow an attacker with the ability to load a specially
crafted Checkpoint file to execute arbitrary code on the host.

Workaround
- None identified

Mitigation
- Do not import virtual machines from untrusted sources.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-3288 to this issue.

b. VMware Virtual Machine Remote Device Denial of Service

A device (e.g. CD-ROM, keyboard) that is available to a virtual
machine while physically connected to a system that does not run the
virtual machine is referred to as a remote device.

Traffic coming from remote virtual devices is incorrectly handled.
This may allow an attacker who is capable of manipulating the
traffic from a remote virtual device to crash the virtual machine.

Workaround
- None identified

Mitigation
- Users need administrative privileges on the virtual machine
  in order to attach remote devices.
- Do not attach untrusted remote devices to a virtual machine.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-3289 to this issue.

See also :

http://lists.vmware.com/pipermail/security-announce/2012/000178.html

Solution :

Apply the missing patch.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 59506

Bugtraq ID: 53996

CVE ID: CVE-2012-3288, CVE-2012-3289