VMSA-2012-0009 : ESXi and ESX patches address critical security issues (uncredentialed check)

high Nessus Plugin ID 59447

Synopsis

The remote VMware ESX/ESXi host is affected by multiple security vulnerabilities.

Description

The remote VMware ESX/ESXi host is affected by the following security vulnerabilities:

- ESX NFS traffic parsing vulnerability:
Due to a flaw in the handling of NFS traffic, it is possible to overwrite memory. This vulnerability may allow a user with access to the network to execute code on the ESXi/ESX host without authentication. The issue is not present in cases where there is no NFS traffic.
(CVE-2012-2448)

- VMware floppy device out-of-bounds memory write:
Due to a flaw in the virtual floppy configuration, it is possible to perform an out-of-bounds memory write. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host. As a workaround, remove the virtual floppy drive from the list of virtual IO devices. The VMware hardening guides recommend removing unused virtual IO devices in general. Additionally, do not allow untrusted root users in your virtual machines. Root or Administrator level permissions are required to exploit this issue.
(CVE-2012-2449)

- VMware SCSI device unchecked memory write:
Due to a flaw in the SCSI device registration, it is possible to perform an unchecked write into memory. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host. As a workaround, remove the virtual SCSI controller from the list of virtual IO devices. The VMware hardening guides recommend removing unused virtual IO devices in general. Additionally, do not allow untrusted root users access to your virtual machines. Root or Administrator level permissions are required to exploit this issue.
(CVE-2012-2450)
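The floppy and SCSI workarounds above depend on knowing which virtual machines still carry those devices. The following is an added example, not part of the Nessus plugin or of VMware's tooling, that audits a .vmx configuration for them. The sample configuration is constructed, and the script assumes a device counts as present only when its `.present` key is explicitly `"TRUE"`.

```python
import re

# Constructed sample .vmx contents (not taken from a real host).
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "build-agent-01"
floppy0.present = "TRUE"
floppy0.fileName = "/dev/fd0"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsilogic"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "build-agent-01.vmdk"
scsi1.present = "TRUE"
scsi1.virtualDev = "lsilogic"
ide1:0.present = "TRUE"
'''

LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lower-cased key: value} for the key = "value" lines of a .vmx file."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_vmx(text):
    """List (device, finding) pairs for floppy drives and SCSI controllers."""
    cfg = parse_vmx(text)
    # Assumption: a missing .present key is treated as "device absent".
    present = lambda k: cfg.get(k, "FALSE").upper() == "TRUE"
    findings = []
    for key in sorted(cfg):
        m = re.fullmatch(r'(floppy|scsi)(\d+)\.present', key)
        if not m or not present(key):
            continue
        kind, dev = m.group(1), m.group(1) + m.group(2)
        if kind == "floppy":
            findings.append((dev, "remove: virtual floppy drive present"))
            continue
        # A controller with an attached device (scsiN:M.present) is in use,
        # so the workaround does not apply and the host must be patched.
        child = re.compile(re.escape(dev) + r':\d+\.present')
        used = any(child.fullmatch(k) and present(k) for k in cfg)
        findings.append((dev, "in use: patch required" if used
                         else "remove: unused SCSI controller"))
    return findings
```

Run `audit_vmx()` over each VM's .vmx text; controllers reported as in use cannot be removed as a workaround, which leaves patching the host as the only mitigation for those guests.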

Solution

Apply the missing patches.

See Also

http://www.vmware.com/security/advisories/VMSA-2012-0009.html

http://lists.vmware.com/pipermail/security-announce/2012/000175.html

Plugin Details

Severity: High

ID: 59447

File Name: vmware_esx_nfs_rce.nasl

Version: 1.6

Type: remote

Published: 6/11/2012

Updated: 12/4/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esx, cpe:/o:vmware:esxi

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Ease: No known exploits are available

Patch Publication Date: 5/3/2012

Reference Information

CVE: CVE-2012-2448, CVE-2012-2449, CVE-2012-2450

VMSA: 2012-0009