Detections
Analytics
VMSA-2010-0019 : VMware ESX third-party updates for Service Console
high Nessus Plugin ID 51077
Language:
Synopsis
The remote VMware ESX host is missing one or more security-related patches.Description
a. Service Console update for sambaThe service console package samba is updated to version 3.0.9-1.3E.18.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3069 to this issue.
b. Service Console update for bzip2
The service console package bzip2 is updated to version 1.0.2-14.EL3 in ESX 3.x and version 1.0.3-6 in ESX 4.x.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0405 to this issue.
c. Service Console update for OpenSSL
The service console package openssl updated to version 0.9.7a-33.26.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-2409 and CVE-2009-3555 to the issues addressed in this update.
Solution
Apply the missing patches.See Also
http://lists.vmware.com/pipermail/security-announce/2011/000134.html
Plugin Details
Severity: High
ID: 51077
File Name: vmware_VMSA-2010-0019.nasl
Version: 1.33
Type: local
Family: VMware ESX Local Security Checks
Published: 12/8/2010
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/o:vmware:esx:3.0.3, cpe:/o:vmware:esx:3.5, cpe:/o:vmware:esx:4.0, cpe:/o:vmware:esx:4.1
Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/7/2010
Exploitable With
Metasploit (Sun Java JRE AWT setDiffICM Buffer Overflow)
Reference Information
CVE: CVE-2009-0590, CVE-2009-2409, CVE-2009-3555, CVE-2010-0405, CVE-2010-3069