VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check)

high Nessus Plugin ID 89737

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote VMware ESX host is missing a security-related patch.

Description

The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :

 - bind
 - expat
 - glib2
 - Kernel
 - newt
 - nfs-utils
 - NTP
 - OpenSSH
 - OpenSSL

Solution

Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0.

See Also

https://www.vmware.com/security/advisories/VMSA-2010-0004

http://lists.vmware.com/pipermail/security-announce/2010/000104.html

Plugin Details

Severity: High

ID: 89737

File Name: vmware_VMSA-2010-0004_remote.nasl

Version: 1.6

Type: remote

Published: 3/8/2016

Updated: 1/6/2021

Dependencies: vmware_vsphere_detect.nbin

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/3/2010

Vulnerability Publication Date: 8/21/2008

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2008-3916, CVE-2008-4316, CVE-2008-4552, CVE-2009-0115, CVE-2009-0590, CVE-2009-1189, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2009-2695, CVE-2009-2849, CVE-2009-2904, CVE-2009-2905, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3560, CVE-2009-3563, CVE-2009-3612, CVE-2009-3613, CVE-2009-3620, CVE-2009-3621, CVE-2009-3720, CVE-2009-3726, CVE-2009-4022

BID: 30815, 31602, 31823, 34100, 34256, 35001, 35138, 35174, 36304, 36515, 36552, 36639, 36706, 36723, 36824, 36827, 36901, 36936, 37118, 37203, 37255

VMSA: 2010-0004

CWE: 16, 20, 119, 189, 200, 264, 362, 399