VMSA-2008-0017 : Updated ESX packages for libxml2, ucd-snmp, libtiff

critical Nessus Plugin ID 40384

Synopsis

The remote VMware ESX host is missing a security-related patch.

Description

a. Updated ESX Service Console package libxml2

A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3281 to this issue.

Additionally, the following issue was also fixed by this update but was omitted from the original security advisory.

A heap-based buffer overflow flaw was found in the way libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3529 to this issue.

b. Updated ESX Service Console package ucd-snmp

A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0960 to this issue.
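For context on what a sound SNMPv3 authentication check looks like, here is an added Python example (not ucd-snmp's code, and not taken from the advisory). It assumes the USM HMAC-SHA-96 scheme from RFC 3414, where the HMAC-SHA-1 tag is truncated to 12 octets and computed over the whole message with the authentication field zeroed. The message layout (a fixed header followed by the 12-byte field) and the sample key and payload are constructed stand-ins, not real SNMP encoding. The point the example makes is that the verifier decides how many bytes to compare from the protocol's fixed tag length, never from the length of the field the peer supplied, and that the comparison is constant-time.

```python
import hashlib
import hmac

# RFC 3414 (SNMPv3 USM) HMAC-SHA-96: the HMAC-SHA-1 tag is truncated to
# 12 octets, and msgAuthenticationParameters carries exactly those 12 octets.
AUTH_PARAM_LEN = 12

# Constructed stand-in layout for a serialized SNMPv3 message: the
# authentication field sits right after a fixed header (hypothetical, not BER).
HEADER = b"SNMPv3-HDR:"
AUTH_FIELD_OFFSET = len(HEADER)


def compute_auth_params(auth_key: bytes, msg_with_zeroed_field: bytes) -> bytes:
    """HMAC-SHA-96 over the whole message with the auth field set to zeros,
    as RFC 3414 section 6.3.1 specifies."""
    tag = hmac.new(auth_key, msg_with_zeroed_field, hashlib.sha1).digest()
    return tag[:AUTH_PARAM_LEN]


def verify_auth_params(auth_key: bytes, msg_with_zeroed_field: bytes, received: bytes) -> bool:
    """Defensive check: the received field must be exactly AUTH_PARAM_LEN bytes,
    and the comparison covers every one of those bytes in constant time. The
    peer-supplied field length never shortens the comparison."""
    if len(received) != AUTH_PARAM_LEN:
        return False
    expected = compute_auth_params(auth_key, msg_with_zeroed_field)
    return hmac.compare_digest(expected, received)


def build_message(auth_key: bytes, body: bytes) -> bytes:
    """Sender side: serialize with a zeroed auth field, compute the MAC,
    then splice it into the field."""
    zeroed = HEADER + bytes(AUTH_PARAM_LEN) + body
    mac = compute_auth_params(auth_key, zeroed)
    return HEADER + mac + body


def verify_message(auth_key: bytes, msg: bytes) -> bool:
    """Receiver side: extract the auth field, re-zero it in the message,
    recompute the MAC and compare."""
    start, end = AUTH_FIELD_OFFSET, AUTH_FIELD_OFFSET + AUTH_PARAM_LEN
    if len(msg) < end:
        return False
    received = msg[start:end]
    zeroed = msg[:start] + bytes(AUTH_PARAM_LEN) + msg[end:]
    return verify_auth_params(auth_key, zeroed, received)


# Constructed sample key and payload (not real credentials or real SNMP data).
SAMPLE_KEY = hashlib.sha1(b"constructed-auth-passphrase").digest()
SAMPLE_BODY = b":USER=monitor:PDU=get-request:OID=1.3.6.1.2.1.1.1.0"

if __name__ == "__main__":
    msg = build_message(SAMPLE_KEY, SAMPLE_BODY)
    print("genuine message verifies:", verify_message(SAMPLE_KEY, msg))
    # Flip one bit in the payload: the MAC no longer matches.
    tampered = msg[:-1] + bytes([msg[-1] ^ 0x01])
    print("tampered message verifies:", verify_message(SAMPLE_KEY, tampered))
```

In a real agent the same two properties apply to the BER-encoded message: take the tag length from the configured authentication protocol, reject any field of a different length before computing anything, and compare the full tag with a constant-time routine.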

c. Updated third-party library libtiff

Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2327 to this issue.

Solution

Apply the missing patch.

See Also

http://lists.vmware.com/pipermail/security-announce/2008/000047.html

Plugin Details

Severity: Critical

ID: 40384

File Name: vmware_VMSA-2008-0017.nasl

Version: 1.30

Type: local

Published: 7/27/2009

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:2.5.4, cpe:/o:vmware:esx:2.5.5, cpe:/o:vmware:esx:3.0.2, cpe:/o:vmware:esx:3.0.3

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/31/2008

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-0960, CVE-2008-2327, CVE-2008-3281, CVE-2008-3529

BID: 29623, 30783, 30832

VMSA: 2008-0017

CWE: 119, 287, 399