VMSA-2010-0010 : ESX 3.5 third-party update for Service Console kernel

High Nessus Plugin ID 47150

Synopsis

The remote VMware ESX host is missing a security-related patch.

Description

a. Service Console update for COS kernel

The service console package kernel is updated to version 2.4.21-63.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2848, CVE-2009-3002, and CVE-2009-3547 to the security issues fixed in kernel-2.4.21-63.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2698, CVE-2009-2692 to the security issues fixed in kernel-2.4.21-60.

Solution

Apply the missing patch.

See Also

http://lists.vmware.com/pipermail/security-announce/2010/000098.html

Plugin Details

Severity: High

ID: 47150

File Name: vmware_VMSA-2010-0010.nasl

Version: 1.23

Type: local

Published: 2010/06/28

Updated: 2018/08/06

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:3.5

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/06/24

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Linux Kernel Sendpage Local Privilege Escalation)

Reference Information

CVE: CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2692, CVE-2009-2698, CVE-2009-2848, CVE-2009-3002, CVE-2009-3547

BID: 32154, 34405, 35185, 35647, 35930, 36038, 36108, 36176, 36901

VMSA: 2010-0010

CWE: 16, 119, 189, 200, 264, 362, 399