VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0007) (remote check)

High Nessus Plugin ID 89676

Synopsis

The remote VMware ESX / ESXi host is missing a security-related patch.

Description

The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities:

- Multiple forgery vulnerabilities exist in the bundled version of MIT Kerberos 5 (krb5). An attacker can exploit these issues to impersonate a client, escalate privileges, and disclose sensitive information. (CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021)

- A local arbitrary code execution vulnerability exists in the kernel's do_anonymous_page() function due to improper separation of the stack and the heap. A local attacker can exploit this vulnerability to execute arbitrary code. (CVE-2010-2240)

- A denial of service vulnerability exists that allows a remote attacker to exhaust available sockets, preventing further connections. (CVE-2011-1785)

- A denial of service vulnerability exists in the bundled version of lsassd in Likewise Open. A remote attacker can exploit this, via an Active Directory login attempt that provides a username containing an invalid byte sequence, to cause a daemon crash. (CVE-2011-1786)

Solution

Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.

See Also

https://www.vmware.com/security/advisories/VMSA-2011-0007

http://lists.vmware.com/pipermail/security-announce/2011/000133.html

Plugin Details

Severity: High

ID: 89676

File Name: vmware_VMSA-2011-0007_remote.nasl

Version: 1.4

Type: remote

Family: Misc.

Published: 2016/03/04

Updated: 2018/08/16

Dependencies: 57396

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx, cpe:/o:vmware:esxi

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/04/28

Vulnerability Publication Date: 2010/08/17

Reference Information

CVE: CVE-2010-1323, CVE-2010-1324, CVE-2010-2240, CVE-2010-4020, CVE-2010-4021, CVE-2011-1785, CVE-2011-1786

BID: 42505, 45116, 45117, 45118, 45122, 47625, 47627

VMSA: 2011-0007

IAVA: 2011-A-0147