VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX / ESXi host is missing a security-related patch.

Description :

The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including
remote code execution vulnerabilities, in several third-party
components and libraries :

- Apache Tomcat
- Apache Tomcat Manager
- cURL
- Java Runtime Environment (JRE)
- Kernel
- Microsoft SQL Express
- OpenSSL
- pam_krb5

See also :

https://www.vmware.com/security/advisories/VMSA-2011-0003
http://lists.vmware.com/pipermail/security-announce/2011/000140.html

Solution :

Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 89674 ()

Bugtraq ID: 30082
30083
30118
30119
31534
32710
35112
36935
36954
37724
37762
37906
37942
37944
37945
38027
38058
38144
38162
38165
38185
38348
38479
38533
38857
38898
39013
39044
39062
39067
39068
39069
39070
39071
39072
39073
39075
39077
39078
39081
39082
39083
39084
39085
39086
39088
39089
39090
39091
39093
39094
39095
39096
39120
39492
39569
39635
39715
39719
39794
39979
40235
40356
40776
40920
41466
41544
41904
42242
42249
42306
43239
43965
43971
43979
43985
43988
43992
43994
44009
44011
44012
44013
44014
44016
44017
44026
44027
44028
44030
44032
44035
44040
44884

CVE ID: CVE-2008-0085
CVE-2008-0086
CVE-2008-0106
CVE-2008-0107
CVE-2008-3825
CVE-2008-5416
CVE-2009-1384
CVE-2009-2693
CVE-2009-2901
CVE-2009-2902
CVE-2009-3548
CVE-2009-3555
CVE-2009-4308
CVE-2010-0003
CVE-2010-0007
CVE-2010-0008
CVE-2010-0082
CVE-2010-0084
CVE-2010-0085
CVE-2010-0087
CVE-2010-0088
CVE-2010-0089
CVE-2010-0090
CVE-2010-0091
CVE-2010-0092
CVE-2010-0093
CVE-2010-0094
CVE-2010-0095
CVE-2010-0291
CVE-2010-0307
CVE-2010-0410
CVE-2010-0415
CVE-2010-0433
CVE-2010-0437
CVE-2010-0622
CVE-2010-0730
CVE-2010-0734
CVE-2010-0740
CVE-2010-0837
CVE-2010-0838
CVE-2010-0839
CVE-2010-0840
CVE-2010-0841
CVE-2010-0842
CVE-2010-0843
CVE-2010-0844
CVE-2010-0845
CVE-2010-0846
CVE-2010-0847
CVE-2010-0848
CVE-2010-0849
CVE-2010-0850
CVE-2010-0886
CVE-2010-1084
CVE-2010-1085
CVE-2010-1086
CVE-2010-1087
CVE-2010-1088
CVE-2010-1157
CVE-2010-1173
CVE-2010-1187
CVE-2010-1321
CVE-2010-1436
CVE-2010-1437
CVE-2010-1641
CVE-2010-2066
CVE-2010-2070
CVE-2010-2226
CVE-2010-2227
CVE-2010-2240
CVE-2010-2248
CVE-2010-2521
CVE-2010-2524
CVE-2010-2928
CVE-2010-2939
CVE-2010-3081
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3553
CVE-2010-3554
CVE-2010-3556
CVE-2010-3557
CVE-2010-3559
CVE-2010-3561
CVE-2010-3562
CVE-2010-3565
CVE-2010-3566
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3571
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
CVE-2010-3864

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now