Detections
Analytics
VMSA-2008-0019 : VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
high Nessus Plugin ID 40386
Synopsis
The remote VMware ESXi / ESX host is missing one or more security-related patches.Description
a. Critical Memory corruption vulnerabilityA memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical memory.
VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917 to this issue.
b. Updated Service Console package bzip2
bzip2 versions before 1.0.5 can crash if certain flaws in compressed data lead to reading beyond the end of a buffer. This might cause an application linked to the libbz2 library to crash when decompressing malformed archives.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1372 to this issue.
Solution
Apply the missing patches.See Also
http://lists.vmware.com/pipermail/security-announce/2008/000048.html
Plugin Details
Severity: High
ID: 40386
File Name: vmware_VMSA-2008-0019.nasl
Version: 1.19
Type: local
Family: VMware ESX Local Security Checks
Published: 7/27/2009
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:vmware:esx:2.5.5, cpe:/o:vmware:esx:3.0.2, cpe:/o:vmware:esx:3.0.3, cpe:/o:vmware:esx:3.5, cpe:/o:vmware:esxi:3.5
Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version
Exploit Ease: No known exploits are available
Patch Publication Date: 12/2/2008
Reference Information
CVE: CVE-2008-1372, CVE-2008-4917
BID: 28286