Detections
Analytics

VMSA-2012-0008 : VMware ESX updates to ESX Service Console

high Nessus Plugin ID 58903

Language:

Synopsis

The remote VMware ESX host is missing one or more security-related patches.

Description

a. ESX third-party update for Service Console kernel

 The ESX Service Console Operating System (COS) kernel is updated which addresses several security issues in the COS kernel.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3191, CVE-2011-4348 and CVE-2012-0028 to these issues.

b. Updated ESX Service Console package libxml2

 The ESX Console Operating System (COS) libxml2 rpms are updated to the following versions libxml2-2.6.26-2.1.12.el5_7.2 and libxml2-python-2.6.26-2.1.12.el5_7.2 which addresses several security issues.

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 to these issues.

Solution

Apply the missing patches.

See Also

http://lists.vmware.com/pipermail/security-announce/2012/000189.html

Plugin Details

Severity: High

ID: 58903

File Name: vmware_VMSA-2012-0008.nasl

Version: 1.18

Type: local

Published: 4/28/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:4.1

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/26/2012

Vulnerability Publication Date: 11/17/2010

Reference Information

CVE: CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3191, CVE-2011-3905, CVE-2011-3919, CVE-2011-4348, CVE-2012-0028

BID: 44779, 48056, 48832, 49295, 49658, 51084, 51300, 51363, 51947

VMSA: 2012-0008