VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0007) (remote check)

high Nessus Plugin ID 89676

Synopsis

The remote VMware ESX / ESXi host is missing a security-related patch.

Description

The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities :

- Multiple forgery vulnerabilities exist in the bundled version of MIT Kerberos 5 (krb5). An attacker can exploit these issues to impersonate a client, escalate privileges, and disclose sensitive information.
(CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021)

- A local arbitrary code execution vulnerability exists in the Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. A local attacker can exploit this vulnerability to execute arbitrary code. (CVE-2010-2240)

- A denial of service vulnerability exists that allows a remote attacker to exhaust available sockets, preventing further connections. (CVE-2011-1785)

- A denial of service vulnerability exists in the bundled version of lsassd in Likewise Open. A remote attacker can exploit this, via an Active Directory login attempt that provides a username containing an invalid byte sequence, to cause a daemon crash. (CVE-2011-1786)

Solution

Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.

See Also

https://www.vmware.com/security/advisories/VMSA-2011-0007

http://lists.vmware.com/pipermail/security-announce/2011/000133.html

Plugin Details

Severity: High

ID: 89676

File Name: vmware_VMSA-2011-0007_remote.nasl

Version: 1.7

Type: remote

Family: Misc.

Published: 3/4/2016

Updated: 1/6/2021

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2010-2240

Vulnerability Information

CPE: cpe:/o:vmware:esx, cpe:/o:vmware:esxi

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Ease: No known exploits are available

Patch Publication Date: 4/28/2011

Vulnerability Publication Date: 8/17/2010

Reference Information

CVE: CVE-2010-1323, CVE-2010-1324, CVE-2010-2240, CVE-2010-4020, CVE-2010-4021, CVE-2011-1785, CVE-2011-1786

BID: 42505, 45116, 45117, 45118, 45122, 47625, 47627

VMSA: 2011-0007