VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0008) (remote check)
Medium Nessus Plugin ID 89677
SynopsisThe remote VMware ESX / ESXi host is missing a security-related patch.
DescriptionThe remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities :
- A directory traversal vulnerability exists that allows a remote attacker to read arbitrary files. (CVE-2011-0426)
- An information disclosure vulnerability exists due to insecure storage of SOAP sesion IDs in a log file. A local attacker can exploit this to disclose administrative user IDs. (CVE-2011-1788)
- A digital signature verification weakness exists in the self-extracting installer in the vSphere Client Installer package. A remote attacker can exploit this to spoof the software distribution via a Trojan horse installer. (CVE-2011-1789)
SolutionApply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 or ESXi version 4.0.