VMware ESX Multiple Vulnerabilities (VMSA-2009-0009) (remote check)

Severity: High. Nessus Plugin ID: 89115

Synopsis

The remote host is missing a security-related patch.

Description

The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in sudo in file parse.c due to a failure to properly interpret a system group (%group) in the sudoers configuration file when handling authorization decisions for users belonging to that group. A local attacker can exploit this to gain root privileges via a crafted sudo command. (CVE-2009-0034)

- A flaw exists in the redirect implementation in libcurl that allows arbitrary Location values to be accepted when CURLOPT_FOLLOWLOCATION is enabled. An attacker with control of a remote HTTP server can exploit this, via crafted redirect URLs, to trigger requests to intranet servers, to read or write arbitrary files, or to execute arbitrary commands. (CVE-2009-0037)

- A flaw exists in udev due to a failure to verify that a NETLINK message originates from the kernel space. A local attacker can exploit this, via a crafted NETLINK message, to gain elevated privileges on the root file system. (CVE-2009-1185)

Solution

Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0.

See Also

https://www.vmware.com/security/advisories/VMSA-2009-0009

Plugin Details

Severity: High

ID: 89115

File Name: vmware_VMSA-2009-0009_remote.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 3/3/2016

Updated: 1/6/2021

Dependencies: vmware_vsphere_detect.nbin

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/10/2009

Vulnerability Publication Date: 1/29/2009

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Linux udev Netlink Local Privilege Escalation)

Reference Information

CVE: CVE-2009-0034, CVE-2009-0037, CVE-2009-1185

BID: 33517, 33962, 34536

VMSA: 2009-0009

EDB-ID: 8572, 21848

CWE: 20, 264, 352