VMSA-2013-0007 : VMware ESX third-party update for Service Console package sudo

high Nessus Plugin ID 66723

Synopsis

The remote VMware ESX host is missing a security-related patch.

Description

a. Service Console update for sudo The service console package sudo is updated to version 1.7.2p1-14.el5_8.3

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2337 and CVE-2012-3440 to the issues addressed in this update.

Solution

Apply the missing patch.

See Also

http://lists.vmware.com/pipermail/security-announce/2013/000228.html

Plugin Details

Severity: High

ID: 66723

File Name: vmware_VMSA-2013-0007.nasl

Version: 1.19

Type: local

Published: 5/31/2013

Updated: 1/6/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:4.0, cpe:/o:vmware:esx:4.1

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Ease: No known exploits are available

Patch Publication Date: 5/30/2013

Reference Information

CVE: CVE-2012-2337, CVE-2012-3440

BID: 53569, 54868

VMSA: 2013-0007