Detections
Analytics

VMSA-2009-0006 : VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability

medium Nessus Plugin ID 40391

Synopsis

The remote VMware ESXi / ESX host is missing a security-related patch.

Description

a. Host code execution vulnerability from a guest operating system

 A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host.

 This issue is different from the vulnerability in a guest virtual device driver reported in VMware security advisory VMSA-2009-0005 on 2009-04-03. That vulnerability can cause a potential denial of service and is identified by CVE-2008-4916.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-1244 to this issue.

Solution

Apply the missing patch.

See Also

http://lists.vmware.com/pipermail/security-announce/2009/000055.html

Plugin Details

Severity: Medium

ID: 40391

File Name: vmware_VMSA-2009-0006.nasl

Version: 1.21

Type: local

Published: 7/27/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:3.0.2, cpe:/o:vmware:esx:3.0.3, cpe:/o:vmware:esx:3.5, cpe:/o:vmware:esxi:3.5

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/10/2009

Exploitable With

CANVAS (CANVAS)

ExploitHub (EH-14-757)

Reference Information

CVE: CVE-2009-1244

VMSA: 2009-0006