Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.VMWARE_VMSA-2009-0006.NASL
HistoryJul 27, 2009 - 12:00 a.m.

VMSA-2009-0006 : VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability

2009-07-2700:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

a. Host code execution vulnerability from a guest operating system

A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host.

This issue is different from the vulnerability in a guest virtual device driver reported in VMware security advisory VMSA-2009-0005 on 2009-04-03. That vulnerability can cause a potential denial of service and is identified by CVE-2008-4916.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-1244 to this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from VMware Security Advisory 2009-0006. 
# The text itself is copyright (C) VMware Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(40391);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2009-1244");
  script_xref(name:"VMSA", value:"2009-0006");

  script_name(english:"VMSA-2009-0006 : VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability");
  script_summary(english:"Checks esxupdate output for the patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote VMware ESXi / ESX host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"a. Host code execution vulnerability from a guest operating system

   A critical vulnerability in the virtual machine display function
   might allow a guest operating system to run code on the host.

   This issue is different from the vulnerability in a guest virtual
   device driver reported in VMware security advisory VMSA-2009-0005
   on 2009-04-03. That vulnerability can cause a potential denial of
   service and is identified by CVE-2008-4916.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the name CVE-2009-1244 to this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply the missing patch.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-14-757");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:3.5");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"VMware ESX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
  script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");

  exit(0);
}


include("audit.inc");
include("vmware_esx_packages.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
if (
  !get_kb_item("Host/VMware/esxcli_software_vibs") &&
  !get_kb_item("Host/VMware/esxupdate")
) audit(AUDIT_PACKAGE_LIST_MISSING);


init_esx_check(date:"2009-04-10");
flag = 0;


if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1008421")) flag++;

if (
  esx_check(
    ver           : "ESX 3.0.3",
    patch         : "ESX303-200904403-SG",
    patch_updates : make_list("ESX303-201002201-UG", "ESX303-Update01")
  )
) flag++;

if (
  esx_check(
    ver           : "ESX 3.5.0",
    patch         : "ESX350-200904201-SG",
    patch_updates : make_list("ESX350-200911201-UG", "ESX350-200912401-BG", "ESX350-201002403-BG", "ESX350-201003401-BG", "ESX350-201006401-SG", "ESX350-201008401-SG", "ESX350-201012401-SG", "ESX350-201105402-BG", "ESX350-201203401-SG", "ESX350-201205401-SG", "ESX350-201206401-SG", "ESX350-Update05", "ESX350-Update05a")
  )
) flag++;

if (esx_check(ver:"ESXi 3.5.0", patch:"ESXe350-200904201-O-SG")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
vmwareesx3.0.2cpe:/o:vmware:esx:3.0.2
vmwareesx3.0.3cpe:/o:vmware:esx:3.0.3
vmwareesx3.5cpe:/o:vmware:esx:3.5
vmwareesxi3.5cpe:/o:vmware:esxi:3.5

Related

prion 2
ubuntucve 1
vmware 2
cve 2
securityvulns 3
canvas 1
openvas 6
nessus 3
seebug 2
gentoo 1
prion
prion
Code injection
2009-04-13 16:30:00
Design/Logic Flaw
2009-04-06 15:30:00
ubuntucve
ubuntucve
CVE-2009-1244
2009-04-13 00:00:00
vmware
vmware
VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
2009-04-10 00:00:00
VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
2009-04-03 00:00:00
cve
cve
CVE-2009-1244
2009-04-13 16:30:00
CVE-2008-4916
2009-04-06 15:30:00
securityvulns
securityvulns
VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability
2009-04-12 00:00:00
VMWare multiple security vulnerabilities
2009-04-12 00:00:00
VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
2009-04-08 00:00:00
canvas
canvas
Immunity Canvas: CLOUDBURST
2009-04-13 16:30:00
openvas
openvas
VMware Products Multiple Vulnerabilities (VMSA-2009-0005, VMSA-2009-0006) - Linux
2009-05-18 00:00:00
VMware Products Multiple Vulnerabilities (VMSA-2009-0005, VMSA-2009-0006) - Windows
2009-05-18 00:00:00
VMware Products Multiple Vulnerabilities (Linux) Apr09
2009-05-18 00:00:00
nessus
nessus
VMware Products Multiple Vulnerabilities (VMSA-2009-0005/VMSA-2009-0007)
2009-04-09 00:00:00
VMSA-2009-0005 : VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
2009-07-27 00:00:00
GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities
2012-10-01 00:00:00
seebug
seebug
VMware宿主产品VMSA-2009-0005多个远程漏洞
2009-04-07 00:00:00
VMWare VMSA-2009-0005更新修复多个安全漏洞
2009-04-10 00:00:00
gentoo
gentoo
VMware Player, Server, Workstation: Multiple vulnerabilities
2012-09-29 00:00:00
JSON
Related for VMWARE_VMSA-2009-0006.NASL
prion2ubuntucve1vmware2cve2securityvulns3canvas1openvas6nessus3seebug2gentoo1