VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a security-related patch.

Description :

The remote VMware ESX host is missing a security-related patch. It is,
therefore, affected by multiple vulnerabilities :

- A format string flaw exists in the Vim help tag
processor in the helptags_one() function that allows a
remote attacker to execute arbitrary code by tricking a
user into executing the 'helptags' command on malicious
help files. (CVE-2007-2953)

- Multiple flaws exist in the Vim system functions due to
a failure to sanitize user-supplied input. An attacker
can exploit these to execute arbitrary code by tricking
a user into opening a crafted file. (CVE-2008-2712)

- A heap-based buffer overflow condition exists in the Vim
mch_expand_wildcards() function. An attacker can exploit
this, via shell metacharacters in a crafted file name,
to execute arbitrary code. (CVE-2008-3432)

- Multiple flaws exist in Vim keyword and tag handling due
to improper handling of escape characters. An attacker
can exploit this, via a crafted document, to execute
arbitrary shell commands or Ex commands. (CVE-2008-4101)

- A security bypass vulnerability exists in OpenSSL due to
a failure to properly check the return value from the
EVP_VerifyFinal() function. A remote attacker can
exploit this, via a malformed SSL/TLS signature for DSA
and ECDSA keys, to bypass the validation of the
certificate chain. (CVE-2008-5077)

- A security bypass vulnerability exists in BIND due to a
failure to properly check the return value from the
OpenSSL DSA_verify() function. A remote attacker can
exploit this, via a malformed SSL/TLS signature, to
bypass the validation of the certificate chain on those
systems using DNSSEC. (CVE-2009-0025)
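
The last two items share one bug class: EVP_VerifyFinal() and DSA_verify() return 1 for a valid signature, 0 for an invalid one and -1 on error, so a caller that only tests for 0 accepts the error case. The sketch below is an added illustration, not code from OpenSSL, BIND or the plugin; fake_verify() and its inputs are a constructed stand-in for the real verifier.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a tri-state verifier such as EVP_VerifyFinal()
 * or DSA_verify(): 1 = signature valid, 0 = signature invalid,
 * -1 = error (here: the signature encoding could not be parsed). */
static int fake_verify(const char *sig)
{
    if (sig == NULL || strncmp(sig, "SIG:", 4) != 0)
        return -1;                          /* malformed encoding */
    return strcmp(sig + 4, "good") == 0 ? 1 : 0;
}

/* Flawed pattern: only 0 is treated as failure, so -1 passes as success. */
int accept_flawed(const char *sig)
{
    if (!fake_verify(sig))
        return 0;                           /* rejected */
    return 1;                               /* accepted, including on -1 */
}

/* Corrected pattern: accept only the explicit success value. */
int accept_strict(const char *sig)
{
    return fake_verify(sig) == 1;
}

int main(void)
{
    /* Constructed sample inputs, not real signatures. */
    const char *samples[] = { "SIG:good", "SIG:bad", "garbage" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s flawed=%d strict=%d\n", samples[i],
               accept_flawed(samples[i]), accept_strict(samples[i]));
    return 0;
}
```

When auditing code that calls these functions, look for `!f(...)` or `f(...) != 0` style tests on the return value; comparisons against 1 (or `<= 0` for rejection) are the safe forms.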

See also :

https://www.vmware.com/security/advisories/VMSA-2009-0004

Solution :

Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 3.5 / 4.0.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false
