VMSA-2013-0015 : VMware ESX updates to third-party libraries

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX host is missing one or more security-related
patches.

Description :

a. Update to ESX service console kernel

The ESX service console kernel is updated to resolve multiple
security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2012-2372, CVE-2012-3552, CVE-2013-2147,
CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2234,
CVE-2013-2237, CVE-2013-2232 to these issues.

b. Update to ESX service console NSPR and NSS

This patch updates the ESX service console Netscape Portable
Runtime (NSPR) and Network Security Services (NSS) RPMs to resolve
multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2013-0791 and CVE-2013-1620 to these
issues.

See also :

http://lists.vmware.com/pipermail/security-announce/2013/000227.html

Solution :

Apply the missing patches.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true