VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)

Critical Nessus Plugin ID 89116

Synopsis

The remote host is missing a security-related patch.

Description

The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components :

- ISC DHCP dhclient
- Integrated Services Digital Network (ISDN) subsystem
- Java Runtime Environment (JRE)
- Java SE Development Kit (JDK)
- Java SE Web Start
- Linux kernel
- Linux kernel 32-bit and 64-bit emulation
- Linux kernel Simple Internet Transition INET6
- Linux kernel tty
- Linux kernel virtual file system (VFS)
- Red Hat dhcpd init script for DHCP
- SBNI WAN driver

Solution

Apply the appropriate patch according to the vendor advisory that pertains to ESX / ESXi version 3.5 / 4.0.

See Also

https://www.vmware.com/security/advisories/VMSA-2009-0014

Plugin Details

Severity: Critical

ID: 89116

File Name: vmware_VMSA-2009-0014_remote.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 2016/03/03

Updated: 2018/08/06

Dependencies: 57396

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx, cpe:/o:vmware:esxi

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/10/16

Vulnerability Publication Date: 2007/11/20

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Sun Java Calendar Deserialization Privilege Escalation)

Reference Information

CVE: CVE-2007-6063, CVE-2008-0598, CVE-2008-2086, CVE-2008-2136, CVE-2008-2812, CVE-2008-3275, CVE-2008-3525, CVE-2008-4210, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5355, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2009-0692, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-1893

BID: 26605, 29235, 29942, 30076, 30647, 31368, 32608, 32620, 32892, 34240, 35668, 35670

VMSA: 2009-0014

CWE: 16, 20, 59, 94, 119, 189, 200, 264, 287, 399