VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check)

high Nessus Plugin ID 89112

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host is missing a security-related patch.

Description

The remote VMware ESX host is missing a security-related patch. It is, therefore, is affected by multiple vulnerabilities :

 - A format string flaw exists in the Vim help tag processor in the helptags_one() function that allows a remote attacker to execute arbitrary code by tricking a user into executing the 'helptags' command on malicious help files. (CVE-2007-2953)

 - Multiple flaws exist in the Vim system functions due to a failure to sanitize user-supplied input. An attacker can exploit these to execute arbitrary code by tricking a user into opening a crafted file. (CVE-2008-2712)

 - A heap-based buffer overflow condition exists in the Vim mch_expand_wildcards() function. An attacker can exploit this, via shell metacharacters in a crafted file name, to execute arbitrary code. (CVE-2008-3432)

 - Multiple flaws exist in Vim keyword and tag handling due to improper handling of escape characters. An attacker can exploit this, via a crafted document, to execute arbitrary shell commands or Ex commands. (CVE-2008-4101)

 - A security bypass vulnerability exists in OpenSSL due to a failure to properly check the return value from the EVP_VerifyFinal() function. A remote attacker can exploit this, via a malformed SSL/TLS signature for DSA and ECDSA keys, to bypass the validation of the certificate chain. (CVE-2008-5077)

 - A security bypass vulnerability exists in BIND due to a failure to properly check the return value from the OpenSSL DSA_verify() function. A remote attacker can exploit this, via a malformed SSL/TLS signature, to bypass the validation of the certificate chain on those systems using DNSSEC. (CVE-2009-0025)

Solution

Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0.

See Also

https://www.vmware.com/security/advisories/VMSA-2009-0004

Plugin Details

Severity: High

ID: 89112

File Name: vmware_VMSA-2009-0004_remote.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 3/3/2016

Updated: 1/6/2021

Dependencies: vmware_vsphere_detect.nbin

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/31/2009

Vulnerability Publication Date: 7/27/2007

Reference Information

CVE: CVE-2007-2953, CVE-2008-2712, CVE-2008-3432, CVE-2008-4101, CVE-2008-5077, CVE-2009-0025

BID: 25095, 29715, 30648, 30795, 33150, 33151

VMSA: 2009-0004

CWE: 20, 119, 287