VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check)

High Nessus Plugin ID 89112

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote host is missing a security-related patch.

Description

The remote VMware ESX host is missing a security-related patch. It is, therefore, is affected by multiple vulnerabilities :

- A format string flaw exists in the Vim help tag processor in the helptags_one() function that allows a remote attacker to execute arbitrary code by tricking a user into executing the 'helptags' command on malicious help files. (CVE-2007-2953)

- Multiple flaws exist in the Vim system functions due to a failure to sanitize user-supplied input. An attacker can exploit these to execute arbitrary code by tricking a user into opening a crafted file. (CVE-2008-2712)

- A heap-based buffer overflow condition exists in the Vim mch_expand_wildcards() function. An attacker can exploit this, via shell metacharacters in a crafted file name, to execute arbitrary code. (CVE-2008-3432)

- Multiple flaws exist in Vim keyword and tag handling due to improper handling of escape characters. An attacker can exploit this, via a crafted document, to execute arbitrary shell commands or Ex commands. (CVE-2008-4101)

- A security bypass vulnerability exists in OpenSSL due to a failure to properly check the return value from the EVP_VerifyFinal() function. A remote attacker can exploit this, via a malformed SSL/TLS signature for DSA and ECDSA keys, to bypass the validation of the certificate chain. (CVE-2008-5077)

- A security bypass vulnerability exists in BIND due to a failure to properly check the return value from the OpenSSL DSA_verify() function. A remote attacker can exploit this, via a malformed SSL/TLS signature, to bypass the validation of the certificate chain on those systems using DNSSEC. (CVE-2009-0025)

Solution

Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0.

See Also

https://www.vmware.com/security/advisories/VMSA-2009-0004

Plugin Details

Severity: High

ID: 89112

File Name: vmware_VMSA-2009-0004_remote.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 2016/03/03

Updated: 2018/08/06

Dependencies: 57396

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/03/31

Vulnerability Publication Date: 2007/07/27

Reference Information

CVE: CVE-2007-2953, CVE-2008-2712, CVE-2008-3432, CVE-2008-4101, CVE-2008-5077, CVE-2009-0025

BID: 25095, 29715, 30648, 30795, 33150, 33151

VMSA: 2009-0004

CWE: 20, 119, 287