VMSA-2009-0009 : ESX Service Console updates for udev, sudo, and curl

high Nessus Plugin ID 52011

Synopsis

The remote VMware ESX host is missing one or more security-related patches.

Description

a. Service Console package udev

A vulnerability in the udev program did not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1185 to this issue.

Please see http://kb.vmware.com/kb/1011786 for details.

b. Service Console package sudo

Service Console package for sudo has been updated to version sudo-1.6.9p17-3. This fixes the following issue: Sudo versions 1.6.9p17 through 1.6.9p19 do not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which might allow local users to leverage an applicable sudoers file and gain root privileges by using a sudo command.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0034 to this issue.

Please see http://kb.vmware.com/kb/1011781 for more details

c. Service Console package curl

Service Console package for curl has been updated to version curl-7.15.5-2.1. This fixes the following issue: The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to trigger arbitrary requests to intranet servers, read or overwrite arbitrary files by using a redirect to a file: URL, or execute arbitrary commands by using a redirect to an scp: URL.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0037 to this issue.

Please see http://kb.vmware.com/kb/1011782 for details

Solution

Apply the missing patches.

See Also

http://lists.vmware.com/pipermail/security-announce/2009/000060.html

Plugin Details

Severity: High

ID: 52011

File Name: vmware_VMSA-2009-0009.nasl

Version: 1.18

Type: local

Published: 2/17/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 10.0

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:4.0

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/10/2009

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Linux udev Netlink Local Privilege Escalation)

Reference Information

CVE: CVE-2009-0034, CVE-2009-0037, CVE-2009-1185

BID: 33517, 33962, 34536

CWE: 20, 264, 352

VMSA: 2009-0009