VMware ESX Multiple Vulnerabilities (VMSA-2009-0009) (remote check)

Nessus Plugin ID: 89115 (Severity: High)


The remote host is missing a security-related patch.


The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in sudo in file parse.c due to a failure to properly interpret a system group (%group) in the sudoers configuration file when handling authorization decisions for users belonging to that group. A local attacker can exploit this to gain root privileges via a crafted sudo command. (CVE-2009-0034)

- A flaw exists in the redirect implementation in libcurl that allows arbitrary Location values to be accepted when CURLOPT_FOLLOWLOCATION is enabled. An attacker with control of a remote HTTP server can exploit this, via crafted redirect URLs, to trigger requests to intranet servers, to read or write arbitrary files, or to execute arbitrary commands. (CVE-2009-0037)

- A flaw exists in udev due to a failure to verify that a NETLINK message originates from the kernel space. A local attacker can exploit this, via a crafted NETLINK message, to gain elevated privileges on the root file system. (CVE-2009-1185)


Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0.


Plugin Details

Severity: High

ID: 89115

File Name: vmware_VMSA-2009-0009_remote.nasl

Version: 1.4

Type: remote

Family: Misc.

Published: 2016/03/03

Updated: 2018/08/06

Dependencies: 57396

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/07/10

Vulnerability Publication Date: 2009/01/29

Exploitable With


Core Impact

Metasploit (Linux udev Netlink Local Privilege Escalation)

Reference Information

CVE: CVE-2009-0034, CVE-2009-0037, CVE-2009-1185

BID: 33517, 33962, 34536

VMSA: 2009-0009

EDB-ID: 8572, 21848

CWE: 20, 264, 352