VMSA-2009-0006 : VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.

Synopsis :

The remote VMware ESXi / ESX host is missing a security-related patch.

Description :

a. Host code execution vulnerability from a guest operating system

A critical vulnerability in the virtual machine display function
might allow a guest operating system to run code on the host.

This issue is different from the vulnerability in a guest virtual
device driver reported in VMware security advisory VMSA-2009-0005
on 2009-04-03. That vulnerability can cause a potential denial of
service and is identified by CVE-2008-4916.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-1244 to this issue.

See also :


Solution :

Apply the missing patch.

Risk factor :

Medium / CVSS Base Score : 6.8
Public Exploit Available : true

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 40391 ()

Bugtraq ID:

CVE ID: CVE-2009-1244

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now