VMSA-2009-0015 : VMware hosted products and ESX patches resolve two security issues

Medium | Nessus Plugin ID 42289

Synopsis

The remote VMware ESXi / ESX host is missing one or more security-related patches.

Description

a. Mishandled exception on page faults

An improper setting of the exception code on page faults may allow for local privilege escalation on the guest operating system. This vulnerability does not affect the host system.

VMware would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2267 to this issue.

b. Directory Traversal vulnerability

A directory traversal vulnerability allows for remote retrieval of any file from the host system. In order to send a malicious request, the attacker will need to have access to the network on which the host resides.

VMware would like to thank Justin Morehouse and Jason Kratzer for independently reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3733 to this issue.

Solution

Apply the missing patches.

See Also

http://lists.vmware.com/pipermail/security-announce/2009/000069.html

Plugin Details

Severity: Medium

ID: 42289

File Name: vmware_VMSA-2009-0015.nasl

Version: 1.28

Type: local

Published: 10/28/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:2.5.5, cpe:/o:vmware:esx:3.5, cpe:/o:vmware:esxi:3.5

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/27/2009

Vulnerability Publication Date: 11/2/2009

Exploitable With

CANVAS (D2ExploitPack)

Elliot (Vmware Server File Disclosure)

Reference Information

CVE: CVE-2009-2267, CVE-2009-3733

CWE: 22

VMSA: 2009-0015