Detections
Analytics

VMSA-2010-0015 : VMware ESX third-party updates for Service Console

critical Nessus Plugin ID 49703

Language:

Synopsis

The remote VMware ESX host is missing one or more security-related patches.

Description

a. Service Console update for NSS_db

 The service console package NSS_db is updated to version nss_db-2.2-35.4.el5_5.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0826 to this issue.

b. Service Console update for OpenLDAP

 The service console package OpenLDAP updated to version 2.3.43-12.el5.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3767 to this issue.

c. Service Console update for cURL

 The service console packages for cURL updated to version 7.15.5-9.el5.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to this issue.

d. Service Console update for sudo

 The service console package sudo updated to version 1.7.2p1-7.el5_5.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1646 to this issue.

e. Service Console update for OpenSSL, GnuTLS, NSS and NSPR

 Service Console updates for OpenSSL to version 097a-0.9.7a-9.el5_4.2 and version 0.9.8e-12.el5_4.6, GnuTLS to version 1.4.1-3.el5_4.8, and NSS to version 3.12.6-1.3235.vmw and NSPR to version 4.8.4-1.3235.vmw. These four updates are bundled together due to their mutual dependencies.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3555, CVE-2009-2409, CVE-2009-3245 and CVE-2010-0433 to the issues addressed in this update.

Solution

Apply the missing patches.

See Also

http://lists.vmware.com/pipermail/security-announce/2010/000110.html

Plugin Details

Severity: Critical

ID: 49703

File Name: vmware_VMSA-2010-0015.nasl

Version: 1.19

Type: local

Published: 10/4/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:4.0, cpe:/o:vmware:esx:4.1

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2010

Exploitable With

Metasploit (Sun Java JRE AWT setDiffICM Buffer Overflow)

Reference Information

CVE: CVE-2009-2409, CVE-2009-3245, CVE-2009-3555, CVE-2009-3767, CVE-2010-0433, CVE-2010-0734, CVE-2010-0826, CVE-2010-1646

BID: 36844, 36881, 36935, 38162, 38533, 38562, 39132, 40538

CWE: 20, 310

VMSA: 2010-0015