VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check)

high Nessus Plugin ID 89680

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote VMware ESX / ESXi host is missing a security-related patch.

Description

The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities in several third-party components and libraries :

 - Kernel
 - krb5
 - glibc
 - mtp2sas
 - mptsas
 - mptspi

Solution

Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 / 4.1 / 5.0.

See Also

https://www.vmware.com/security/advisories/VMSA-2011-0012

http://lists.vmware.com/pipermail/security-announce/2012/000164.html

Plugin Details

Severity: High

ID: 89680

File Name: vmware_VMSA-2011-0012_remote.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 3/4/2016

Updated: 1/6/2021

Dependencies: vmware_vsphere_detect.nbin

Risk Information

VPR

Risk Factor: Critical

Score: 9

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:N

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx, cpe:/o:vmware:esxi

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/12/2011

Vulnerability Publication Date: 2/17/2010

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Reliable Datagram Sockets (RDS) Privilege Escalation)

Reference Information

CVE: CVE-2010-0296, CVE-2010-1083, CVE-2010-1323, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4161, CVE-2010-4238, CVE-2010-4242, CVE-2010-4243, CVE-2010-4247, CVE-2010-4248, CVE-2010-4249, CVE-2010-4251, CVE-2010-4255, CVE-2010-4263, CVE-2010-4343, CVE-2010-4346, CVE-2010-4526, CVE-2010-4655, CVE-2011-0281, CVE-2011-0282, CVE-2011-0521, CVE-2011-0536, CVE-2011-0710, CVE-2011-1010, CVE-2011-1071, CVE-2011-1090, CVE-2011-1095, CVE-2011-1478, CVE-2011-1494, CVE-2011-1495, CVE-2011-1658, CVE-2011-1659

BID: 39042, 42124, 42237, 42477, 42527, 42529, 43022, 43221, 43353, 43480, 43578, 43787, 43806, 43809, 44219, 44301, 44354, 44549, 44630, 44648, 44665, 44754, 44755, 44758, 45004, 45014, 45028, 45029, 45037, 45039, 45054, 45058, 45063, 45064, 45073, 45099, 45118, 45208, 45262, 45323, 45661, 45795, 45972, 45986, 46265, 46271, 46421, 46492, 46563, 46637, 46766, 47056, 47185, 47370

VMSA: 2011-0012