VMSA-2008-0007 : Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus

Critical Nessus Plugin ID 40377

Synopsis

The remote VMware ESX host is missing one or more security-related patches.

Description

a. Updated pcre Service Console package addresses several security issues

The pcre package contains the Perl-Compatible Regular Expression library.
pcre is used by various Service Console utilities.

Several security issues were discovered in the way PCRE handles regular expressions. If an application linked against PCRE parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application.

VMware would like to thank Ludwig Nussel for reporting these issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.

b. Updated net-snmp Service Console package addresses denial of service

net-snmp is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. By default ESX has this service enabled and its ports open on the ESX firewall.

A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port could send a malicious packet causing snmpd to crash, resulting in a denial of service.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5846 to this issue.

c. Updated OpenPegasus Service Console package fixes overflow condition

OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise Management (WBEM) broker. These protocols are used by network management systems to monitor and control hosts. By default ESX has this service enabled and its ports open on the ESX firewall.

A flaw was discovered in the OpenPegasus CIM management server that might allow remote attackers to execute arbitrary code. OpenPegasus when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, has a stack-based buffer overflow condition.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0003 to this issue.

Solution

Apply the missing patches.

See Also

http://lists.vmware.com/pipermail/security-announce/2008/000019.html

Plugin Details

Severity: Critical

ID: 40377

File Name: vmware_VMSA-2008-0007.nasl

Version: 1.24

Type: local

Published: 2009/07/27

Updated: 2018/08/07

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:3.0.1, cpe:/o:vmware:esx:3.0.2, cpe:/o:vmware:esx:3.5

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/04/15

Reference Information

CVE: CVE-2006-7228, CVE-2007-1660, CVE-2007-5846, CVE-2008-0003

BID: 26378, 26462, 26727, 27172

VMSA: 2008-0007

CWE: 119, 189, 399