VMware ESX Multiple Vulnerabilities (VMSA-2010-0007) (remote check)
Critical Nessus Plugin ID 89739
SynopsisThe remote VMware ESX host is missing a security-related patch.
DescriptionThe remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities :
- A format string flaw exists in the VMware Remote Console that allows a remote attacker to execute arbitrary code.
- A flaw exists in VMware Tools due to improper access to libraries. A remote attacker can exploit this to execute arbitrary code by convincing a Windows guest OS user into clicking on a file that is stored on a network share. (CVE-2010-1141)
- A flaw exists in VMware Tools due to improper loading of VMware programs. An attacker with access to a Windows guest OS can escalate privileges by placing a Trojan horse program at an unspecified location on the guest OS disk. (CVE-2010-1142)
SolutionApply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0.