VMSA-2010-0010 : ESX 3.5 third-party update for Service Console kernel

high Nessus Plugin ID 47150

Synopsis

The remote VMware ESX host is missing a security-related patch.

Description

a. Service Console update for COS kernel

The service console package kernel is updated to version 2.4.21-63.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2848, CVE-2009-3002, and CVE-2009-3547 to the security issues fixed in kernel-2.4.21-63.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2698, CVE-2009-2692 to the security issues fixed in kernel-2.4.21-60.

Solution

Apply the missing patch.

See Also

http://lists.vmware.com/pipermail/security-announce/2010/000098.html

Plugin Details

Severity: High

ID: 47150

File Name: vmware_VMSA-2010-0010.nasl

Version: 1.25

Type: local

Published: 6/28/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:3.5

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/24/2010

Vulnerability Publication Date: 11/10/2008

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Linux Kernel Sendpage Local Privilege Escalation)

Reference Information

CVE: CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2692, CVE-2009-2698, CVE-2009-2848, CVE-2009-3002, CVE-2009-3547

BID: 32154, 34405, 35185, 35647, 35930, 36038, 36108, 36176, 36901

CWE: 119, 16, 189, 200, 264, 362, 399

VMSA: 2010-0010