VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0009) (remote check)

high Nessus Plugin ID 89678

VPR Score: 7.4

Synopsis

The remote VMware ESX / ESXi host is missing a security-related patch.

Description

The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in the Linux Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. An attacker can exploit this to execute arbitrary code. (CVE-2010-2240)

- A packet filter bypass exists in the Linux Kernel e1000 driver due to processing trailing payload data as a complete frame. A remote attacker can exploit this to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536)

- A use-after-free error exists in the Linux Kernel when IPV6_RECVPKTINFO is set on a listening socket. A remote attacker can exploit this, via a SYN packet while the socket is in a listening (TCP_LISTEN) state, to cause a kernel panic, resulting in a denial of service condition. (CVE-2010-1188)

- An array index error exists in the Linux Kernel in the gdth_read_event() function. A local attacker can exploit this, via a negative event index in an IOCTL request, to cause a denial of service condition. (CVE-2009-3080)

- A race condition exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to gain privileges by mounting a filesystem on top of an arbitrary directory. (CVE-2011-1787)

- A flaw exists in the VMware Host Guest File System (HGFS) that allows a Solaris or FreeBSD guest operating system user to modify arbitrary guest operating system files. (CVE-2011-2145)

- A flaw exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to disclose host operating system files and directories. (CVE-2011-2146)

- A flaw exists in the bundled Tom Sawyer GET Extension Factory that allows a remote attacker to cause a denial of service condition or the execution of arbitrary code via a crafted HTML document. (CVE-2011-2217)

Solution

Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 / 4.1 / 5.0.

See Also

https://www.vmware.com/security/advisories/VMSA-2011-0009

http://lists.vmware.com/pipermail/security-announce/2011/000158.html

Plugin Details

Severity: High

ID: 89678

File Name: vmware_VMSA-2011-0009_remote.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 3/4/2016

Updated: 1/6/2021

Dependencies: vmware_vsphere_detect.nbin

Risk Information

Risk Factor: High

VPR Score: 7.4

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.7

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx, cpe:/o:vmware:esxi

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/2/2011

Vulnerability Publication Date: 10/19/2009

Exploitable With

Core Impact

Metasploit (Tom Sawyer Software GET Extension Factory Remote Code Execution)

Reference Information

CVE: CVE-2009-3080, CVE-2009-4536, CVE-2010-1188, CVE-2010-2240, CVE-2011-1787, CVE-2011-2145, CVE-2011-2146, CVE-2011-2217

BID: 37068, 37519, 39016, 42505, 48098, 48099

VMSA: 2011-0009

CWE: 189