VMSA-2008-0016 : VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
critical Nessus Plugin ID 40383
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote VMware ESXi / ESX host is missing one or more security-related patches.Description
a. Privilege escalation on 64-bit guest operating systemsVMware products emulate hardware functions, like CPU, Memory, and IO.
A flaw in VMware's CPU hardware emulation could allow the virtual CPU to jump to an incorrect memory address. Exploitation of this issue on the guest operating system does not lead to a compromise of the host system but could lead to a privilege escalation on guest operating system. An attacker would need to have a user account on the guest operating system.
Affected 64-bit Windows and 64-bit FreeBSD guest operating systems and possibly other 64-bit operating systems. The issue does not affect the 64-bit versions of Linux guest operating systems.
VMware would like to thank Derek Soeder for discovering this issue and working with us on its remediation.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4279 this issue.
b. Update for VirtualCenter fixes a potential information disclosure
This release resolves an issue where a user's password could be displayed in cleartext. When logging into VirtualCenter Server 2.0 with Virtual Infrastructure Client 2.5, the user password might be displayed if it contains certain special characters. The dialog box displaying the password can appear in front or hidden behind other windows.
To remediate this issue the VirtualCenter client installations must be updated after updating to VirtualCenter Update 3
VMware would like to thank Mark Woollatt for reporting this issue to VMware.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4278 to this issue.
c. Update for VirtualCenter updates JRE to version 1.5.0_16
Update for VirtualCenter updates the JRE package to version 1.5.0_16, which addresses multiple security issues that existed in the previous version of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115 to the security issues fixed in JRE 1.5.0_16.
Solution
Apply the missing patches.See Also
http://lists.vmware.com/pipermail/security-announce/2008/000044.html
Plugin Details
Severity: Critical
ID: 40383
File Name: vmware_VMSA-2008-0016.nasl
Version: 1.25
Type: local
Family: VMware ESX Local Security Checks
Published: 7/27/2009
Updated: 1/6/2021
Dependencies: ssh_get_info.nasl
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:F/RL:OF/RC:C
Vulnerability Information
CPE: cpe:/o:vmware:esx:3.0.1, cpe:/o:vmware:esx:3.0.2, cpe:/o:vmware:esx:3.0.3, cpe:/o:vmware:esx:3.5, cpe:/o:vmware:esxi:3.5
Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/3/2008
Exploitable With
CANVAS (D2ExploitPack)
Reference Information
CVE: CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115, CVE-2008-4278, CVE-2008-4279