VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check)

Critical Nessus Plugin ID 89106

Synopsis

The remote VMware ESXi / ESX host is missing a security-related patch.

Description

The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components :

- Apache Tomcat
- bzip2 library
- JRE
- WDDM display driver
- XPDM display driver

Solution

Apply the appropriate patch according to the vendor advisory.

See Also

https://www.vmware.com/security/advisories/VMSA-2012-0005.html

http://www.nessus.org/u?3fed43a3

https://www.imperialviolet.org/2011/09/23/chromeandbeast.html

Plugin Details

Severity: Critical

ID: 89106

File Name: vmware_VMSA-2012-0005_remote.nasl

Version: 1.10

Type: remote

Family: Misc.

Published: 2016/03/03

Modified: 2018/09/06

Dependencies: 57396

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx, cpe:/o:vmware:esxi

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/03/15

Vulnerability Publication Date: 2010/09/20

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Java RMI Server Insecure Default Configuration Java Code Execution)

Reference Information

CVE: CVE-2010-0405, CVE-2011-3190, CVE-2011-3375, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561, CVE-2012-0022, CVE-2012-1508, CVE-2012-1510, CVE-2012-1512

BID: 43331, 49353, 49778, 50118, 50211, 50215, 50216, 50218, 50220, 50223, 50224, 50226, 50229, 50231, 50234, 50236, 50237, 50239, 50242, 50243, 50246, 50248, 50250, 51442, 51447, 52524, 52525

VMSA: 2012-0005

IAVB: 2010-B-0083

CERT: 864643

EDB-ID: 18171