VMSA-2013-0009 : VMware vSphere, ESX and ESXi updates to third-party libraries

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing one or more
security-related patches.

Description :

a. vCenter Server and ESX userworld update for OpenSSL library

The userworld OpenSSL library is updated to version openssl-0.9.8y
to resolve multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2013-0169 and CVE-2013-0166 to these
issues.

b. Service Console (COS) update for OpenSSL library

The Service Console OpenSSL library is updated to version
openssl-0.9.8e-26.el5_9.1 to resolve multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2013-0169 and CVE-2013-0166 to these
issues.

c. ESX Userworld and Service Console (COS) update for libxml2 library

The ESX Userworld and Service Console libxml2 library is updated to
versions libxml2-2.6.26-2.1.21.el5_9.1 and
libxml2-python-2.6.26-2.1.21.el5_9.1 to resolve a security issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2013-0338 to this issue.

d. Service Console (COS) update for GnuTLS library

The ESX service console GnuTLS RPM is updated to version
gnutls-1.4.1-10.el5_9.1 to resolve a security issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2013-2116 to this issue.

e. ESX third-party update for Service Console kernel

The ESX Service Console Operating System (COS) kernel is updated
to kernel-2.6.18-348.3.1.el5 which addresses several security
issues in the COS kernel.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2013-0268 and CVE-2013-0871 to these
issues.

See also :

http://lists.vmware.com/pipermail/security-announce/2014/000230.html

Solution :

Apply the missing patches.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.4
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 69193

Bugtraq ID: 57778, 57838, 57986, 58180, 60215, 60268

CVE ID: CVE-2013-0166, CVE-2013-0169, CVE-2013-0268, CVE-2013-0338,
CVE-2013-0871, CVE-2013-2116