Detections
Analytics
VMSA-2010-0010 : ESX 3.5 third-party update for Service Console kernel
high Nessus Plugin ID 47150
Language:
Synopsis
The remote VMware ESX host is missing a security-related patch.Description
a. Service Console update for COS kernelThe service console package kernel is updated to version 2.4.21-63.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2848, CVE-2009-3002, and CVE-2009-3547 to the security issues fixed in kernel-2.4.21-63.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2698, CVE-2009-2692 to the security issues fixed in kernel-2.4.21-60.
Solution
Apply the missing patch.See Also
http://lists.vmware.com/pipermail/security-announce/2010/000098.html
Plugin Details
Severity: High
ID: 47150
File Name: vmware_VMSA-2010-0010.nasl
Version: 1.25
Type: local
Family: VMware ESX Local Security Checks
Published: 6/28/2010
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS v3
Risk Factor: High
Base Score: 7
Temporal Score: 6.7
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:vmware:esx:3.5
Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/24/2010
Vulnerability Publication Date: 11/10/2008
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Linux Kernel Sendpage Local Privilege Escalation)
Reference Information
CVE: CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2692, CVE-2009-2698, CVE-2009-2848, CVE-2009-3002, CVE-2009-3547
BID: 32154, 34405, 35185, 35647, 35930, 36038, 36108, 36176, 36901