nessus | This script is Copyright (C) 2009-2021 Tenable Network Security, Inc. | VMWARE_VMSA-2008-0019.NASL
HistoryJul 27, 2009 - 12:00 a.m.

VMSA-2008-0019 : VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2

2009-07-27 00:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com

a. Critical Memory corruption vulnerability

A memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical memory.

VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917 to this issue.

b. Updated Service Console package bzip2

bzip2 versions before 1.0.5 can crash if certain flaws in compressed data lead to reading beyond the end of a buffer. This might cause an application linked to the libbz2 library to crash when decompressing malformed archives.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1372 to this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from VMware Security Advisory 2008-0019. 
# The text itself is copyright (C) VMware Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin registration. When the scanner loads the script with `description`
# set, only the metadata calls in this block run and it ends with exit(0), so
# none of the patch checks further down execute in that mode.
if (description)
{
  script_id(40386);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # Two separate issues are tracked by this one plugin. Per the description
  # text below, CVE-2008-4917 is the guest-triggered memory corruption in the
  # virtual hardware and CVE-2008-1372 is the bzip2 read past the end of a
  # buffer.
  script_cve_id("CVE-2008-1372", "CVE-2008-4917");
  script_bugtraq_id(28286);
  script_xref(name:"VMSA", value:"2008-0019");

  script_name(english:"VMSA-2008-0019 : VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2");
  script_summary(english:"Checks esxupdate output for the patches");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote VMware ESXi / ESX host is missing one or more
security-related patches."
  );
  # Advisory text reproduced from VMSA-2008-0019 (see the file header).
  script_set_attribute(
    attribute:"description", 
    value:
"a. Critical Memory corruption vulnerability

   A memory corruption condition may occur in the virtual machine
   hardware. A malicious request sent from the guest operating
   system to the virtual hardware may cause the virtual hardware to
   write to uncontrolled physical memory.

   VMware would like to thank Andrew Honig of the Department of
   Defense for reporting this issue.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2008-4917 to this issue.

b. Updated Service Console package bzip2

   bzip2 versions before 1.0.5 can crash if certain flaws in compressed
   data lead to reading beyond the end of a buffer.  This might cause
   an application linked to the libbz2 library to crash when
   decompressing malformed archives.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2008-1372 to this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.vmware.com/pipermail/security-announce/2008/000048.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
  # CVSS v2 base vector: local access, low complexity, no authentication,
  # complete impact on confidentiality, integrity and availability.
  # Temporal vector: exploitability unproven (E:U), official fix available
  # (RL:OF), report confirmed (RC:C).
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  # The temporal vector and the two exploit_* attributes are fixed strings in
  # the plugin, not a live lookup; check current exploit status separately
  # before using them to prioritise remediation.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-119: operations outside the bounds of a memory buffer.
  # CWE-399: resource management errors.
  script_cwe_id(119, 399);

  # Declared as a local check: the code visible in this file only reads KB
  # entries and sends nothing to the target itself.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # One CPE per release that the esx_check() calls further down evaluate.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:2.5.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:3.5");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/12/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"VMware ESX Local Security Checks");

  # ssh_get_info.nasl is declared as a dependency; presumably it fills the
  # Host/VMware/* KB entries from a credentialed login - confirm.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
  # NOTE(review): KB key names, not port numbers, are passed to
  # script_require_ports. This looks like an "at least one of" requirement,
  # consistent with the either/or inventory test in the runtime
  # preconditions below - confirm.
  script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");

  # Registration ends here; nothing below runs in description mode.
  exit(0);
}


include("audit.inc");
include("vmware_esx_packages.inc");


# Runtime preconditions. Each audit() call names the reason no verdict can be
# given: local checks not enabled, target not identified as VMware ESX / ESXi,
# or no package/patch list available.
# NOTE(review): audit() comes from audit.inc and appears to end the script -
# confirm. A host that stops here has not been assessed; treat that result as
# "unknown", not as "patched".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
# Either inventory source is sufficient; the audit fires only when both the
# esxcli_software_vibs and the esxupdate KB entries are missing.
if (
  !get_kb_item("Host/VMware/esxcli_software_vibs") &&
  !get_kb_item("Host/VMware/esxupdate")
) audit(AUDIT_PACKAGE_LIST_MISSING);


# Patch-level evaluation. init_esx_check() and esx_check() are defined in
# vmware_esx_packages.inc, which is not shown here; the date passed in is the
# same day as the patch_publication_date attribute (2008/12/02).
# `flag` counts how many esx_check() calls returned true.
# NOTE(review): as far as this file shows, a hit is inferred from the patch
# inventory in the KB, not from exercising the vulnerable code, so the result
# is only as accurate as the collected patch list - confirm in the include.
init_esx_check(date:"2008-12-02");
flag = 0;


# ESX 2.5.5: a single patch identifier, "11".
if (esx_check(ver:"ESX 2.5.5", patch:"11")) flag++;

# ESX 3.0.2: two patches are checked independently. The file does not say
# which patch addresses which of the two CVEs.
if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1006980")) flag++;
if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1006982")) flag++;

# ESX 3.0.3: patch_updates presumably lists later bundles that also satisfy
# the check, so that a host carrying a rollup is not flagged - confirm
# against vmware_esx_packages.inc.
if (
  esx_check(
    ver           : "ESX 3.0.3",
    patch         : "ESX303-200811404-SG",
    patch_updates : make_list("ESX303-Rollup01", "ESX303-Update01")
  )
) flag++;

# ESX 3.5.0: two patches, each with its own patch_updates list. The lists
# differ in their first entries, so they must be kept per patch.
if (
  esx_check(
    ver           : "ESX 3.5.0",
    patch         : "ESX350-200811401-SG",
    patch_updates : make_list("ESX350-200911201-UG", "ESX350-201006401-SG", "ESX350-Update04", "ESX350-Update05", "ESX350-Update05a")
  )
) flag++;
if (
  esx_check(
    ver           : "ESX 3.5.0",
    patch         : "ESX350-200811406-SG",
    patch_updates : make_list("ESX350-201012409-SG", "ESX350-Update04", "ESX350-Update05", "ESX350-Update05a")
  )
) flag++;

# ESXi 3.5.0: one patch, no patch_updates list given.
if (esx_check(ver:"ESXi 3.5.0", patch:"ESXe350-200811401-O-SG")) flag++;

# Reporting. Any non-zero `flag` raises one finding on port 0 through
# security_hole(). With report_verbosity above 0 the finding carries the text
# returned by esx_report_get() (presumably the list of missing patches -
# confirm in vmware_esx_packages.inc); otherwise it is raised without detail.
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
  else security_hole(0);
  exit(0);
}
# No esx_check() call matched. Only the releases named in the esx_check()
# calls are evaluated by this plugin, so "not affected" here makes no
# statement about any other ESX / ESXi version.
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE
vmware | esx | 2.5.5 | cpe:/o:vmware:esx:2.5.5
vmware | esx | 3.0.2 | cpe:/o:vmware:esx:3.0.2
vmware | esx | 3.0.3 | cpe:/o:vmware:esx:3.0.3
vmware | esx | 3.5 | cpe:/o:vmware:esx:3.5
vmware | esxi | 3.5 | cpe:/o:vmware:esxi:3.5