VMware ESX Multiple Vulnerabilities (VMSA-2010-0019) (remote check)

high Nessus Plugin ID 89745

Synopsis

The remote VMware ESX host is missing a security-related patch.

Description

The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :

- bzip2
- Network Security Services (NSS) Library
- OpenSSL
- Samba

Solution

Apply the appropriate patch as referenced in the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1.

See Also

http://lists.vmware.com/pipermail/security-announce/2011/000134.html

Plugin Details

Severity: High

ID: 89745

File Name: vmware_VMSA-2010-0019_remote.nasl

Version: 1.8

Type: remote

Published: 3/8/2016

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:vmware:esx

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/7/2010

Vulnerability Publication Date: 3/25/2009

Exploitable With

Metasploit (Sun Java JRE AWT setDiffICM Buffer Overflow)

Reference Information

CVE: CVE-2009-0590, CVE-2009-2409, CVE-2009-3555, CVE-2010-0405, CVE-2010-3069

BID: 34256, 36881, 36935, 43212, 43331

CWE: 119, 310

IAVB: 2010-B-0083

VMSA: 2010-0019