VMSA-2009-0004 : ESX Service Console updates for openssl, bind, and vim

high Nessus Plugin ID 40389

Synopsis

The remote VMware ESX host is missing one or more security-related patches.

Description

a. Updated OpenSSL package for the Service Console fixes a security issue.

OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue.

b. Updated bind package for the Service Console fixes a security issue.

A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0025 to this issue.
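Items a and b describe the same coding error: EVP_VerifyFinal and DSA_do_verify return 1 for a valid signature, 0 for an invalid one, and -1 on error, and a caller that only tests for zero treats the error case as success. The following is an added example, not code from OpenSSL, BIND, or the advisory; model_verify, accept_flawed, accept_strict and the toy tag scheme are hypothetical stand-ins that mimic only the return convention.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a tri-state verify call:
 * 1 = signature valid, 0 = signature invalid, -1 = error (unparseable input).
 * The "signature" is a toy tag used for illustration, not real cryptography. */
#define TAG_LEN 4

static void toy_tag(const unsigned char *msg, size_t n, unsigned char *out)
{
    unsigned long h = 5381;
    for (size_t i = 0; i < n; i++) h = h * 33 + msg[i];
    for (int i = 0; i < TAG_LEN; i++) out[i] = (unsigned char)(h >> (8 * i));
}

int model_verify(const unsigned char *msg, size_t n,
                 const unsigned char *sig, size_t siglen)
{
    unsigned char want[TAG_LEN];
    if (siglen != TAG_LEN) return -1;   /* malformed: an error, not "valid" */
    toy_tag(msg, n, want);
    return memcmp(want, sig, TAG_LEN) == 0 ? 1 : 0;
}

/* Flawed pattern: only 0 is rejected, so the -1 error return is accepted. */
int accept_flawed(const unsigned char *msg, size_t n,
                  const unsigned char *sig, size_t siglen)
{
    if (!model_verify(msg, n, sig, siglen)) return 0;
    return 1;
}

/* Corrected pattern: only an explicit 1 counts as a verified signature. */
int accept_strict(const unsigned char *msg, size_t n,
                  const unsigned char *sig, size_t siglen)
{
    return model_verify(msg, n, sig, siglen) == 1;
}

int main(void)
{
    const unsigned char msg[] = "constructed sample message";
    unsigned char good[TAG_LEN];
    size_t n = sizeof msg - 1;
    toy_tag(msg, n, good);
    printf("valid:     flawed=%d strict=%d\n",
           accept_flawed(msg, n, good, TAG_LEN), accept_strict(msg, n, good, TAG_LEN));
    printf("malformed: flawed=%d strict=%d\n",
           accept_flawed(msg, n, good, 1), accept_strict(msg, n, good, 1));
    return 0;
}
```

When auditing callers of these functions, look for `if (!ret)` or `if (ret)` on the return value and replace them with an explicit comparison against 1.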

c. Updated vim package for the Service Console addresses several security issues.

Several input flaws were found in Visual editor IMproved's (Vim) keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4101 to this issue.

A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, causes the application to stop responding or execute arbitrary code.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3432 to this issue.

Several input flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2712 to this issue.

A format string flaw was discovered in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2953 to this issue.

Solution

Apply the missing patches.

See Also

http://lists.vmware.com/pipermail/security-announce/2010/000077.html

Plugin Details

Severity: High

ID: 40389

File Name: vmware_VMSA-2009-0004.nasl

Version: 1.29

Type: local

Published: 7/27/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:2.5.5, cpe:/o:vmware:esx:3.0.2, cpe:/o:vmware:esx:3.0.3, cpe:/o:vmware:esx:3.5, cpe:/o:vmware:esx:4.0

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/31/2009

Vulnerability Publication Date: 7/27/2007

Reference Information

CVE: CVE-2007-2953, CVE-2008-2712, CVE-2008-3432, CVE-2008-4101, CVE-2008-5077, CVE-2009-0021, CVE-2009-0025, CVE-2009-0046, CVE-2009-0047, CVE-2009-0048, CVE-2009-0049, CVE-2009-0050, CVE-2009-0051, CVE-2009-0124, CVE-2009-0125, CVE-2009-0127, CVE-2009-0128, CVE-2009-0130

BID: 25095, 33150, 33151

CWE: 119, 20, 287

VMSA: 2009-0004