VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check)

High Nessus Plugin ID 89737

Synopsis

The remote VMware ESX host is missing a security-related patch.

Description

The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :

 - bind
 - expat
 - glib2
 - Kernel
 - newt
 - nfs-utils
 - NTP
 - OpenSSH
 - OpenSSL

Solution

Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0.

See Also

https://www.vmware.com/security/advisories/VMSA-2010-0004

http://lists.vmware.com/pipermail/security-announce/2010/000104.html

Plugin Details

Severity: High

ID: 89737

File Name: vmware_VMSA-2010-0004_remote.nasl

Version: 1.5

Type: remote

Published: 2016/03/08

Updated: 2018/08/06

Dependencies: 57396

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/03/03

Vulnerability Publication Date: 2008/08/21

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2008-3916, CVE-2008-4316, CVE-2008-4552, CVE-2009-0115, CVE-2009-0590, CVE-2009-1189, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2009-2695, CVE-2009-2849, CVE-2009-2904, CVE-2009-2905, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3560, CVE-2009-3563, CVE-2009-3612, CVE-2009-3613, CVE-2009-3620, CVE-2009-3621, CVE-2009-3720, CVE-2009-3726, CVE-2009-4022

BID: 30815, 31602, 31823, 34100, 34256, 35001, 35138, 35174, 36304, 36515, 36552, 36639, 36706, 36723, 36824, 36827, 36901, 36936, 37118, 37203, 37255

VMSA: 2010-0004

CWE: 16, 20, 119, 189, 200, 264, 362, 399