VMware ESX Multiple Vulnerabilities (VMSA-2010-0019) (remote check)

High Nessus Plugin ID 89745


The remote VMware ESX host is missing a security-related patch.


The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :

- bzip2
- Network Security Services (NSS) Library
- OpenSSL
- Samba


Apply the appropriate patch as referenced in the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1.

See Also


Plugin Details

Severity: High

ID: 89745

File Name: vmware_VMSA-2010-0019_remote.nasl

Version: $Revision: 1.6 $

Type: remote

Published: 2016/03/08

Modified: 2016/11/29

Dependencies: 57396

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/12/07

Vulnerability Publication Date: 2009/03/25

Exploitable With

Metasploit (Sun Java JRE AWT setDiffICM Buffer Overflow)

Reference Information

CVE: CVE-2009-0590, CVE-2009-2409, CVE-2009-3555, CVE-2010-0405, CVE-2010-3069

BID: 34256, 36881, 36935, 43212, 43331

OSVDB: 52864, 56752, 59971, 67994, 68167

VMSA: 2010-0019

IAVB: 2010-B-0083

CWE: 119, 310