Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.VMWARE_VMSA-2012-0005_REMOTE.NASL
HistoryMar 03, 2016 - 12:00 a.m.

VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check)

2016-03-0300:00:00
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
452
JSON

The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components :

  • Apache Tomcat
  • bzip2 library
  • JRE
  • WDDM display driver
  • XPDM display driver
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(89106);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2010-0405",
    "CVE-2011-3190",
    "CVE-2011-3375",
    "CVE-2011-3389",
    "CVE-2011-3516",
    "CVE-2011-3521",
    "CVE-2011-3544",
    "CVE-2011-3545",
    "CVE-2011-3546",
    "CVE-2011-3547",
    "CVE-2011-3548",
    "CVE-2011-3549",
    "CVE-2011-3550",
    "CVE-2011-3551",
    "CVE-2011-3552",
    "CVE-2011-3553",
    "CVE-2011-3554",
    "CVE-2011-3555",
    "CVE-2011-3556",
    "CVE-2011-3557",
    "CVE-2011-3558",
    "CVE-2011-3560",
    "CVE-2011-3561",
    "CVE-2012-0022",
    "CVE-2012-1508",
    "CVE-2012-1510",
    "CVE-2012-1512"
  );
  script_bugtraq_id(
    43331,
    49353,
    49778,
    50118,
    50211,
    50215,
    50216,
    50218,
    50220,
    50223,
    50224,
    50226,
    50229,
    50231,
    50234,
    50236,
    50237,
    50239,
    50242,
    50243,
    50246,
    50248,
    50250,
    51442,
    51447,
    52524,
    52525
  );
  script_xref(name:"VMSA", value:"2012-0005");
  script_xref(name:"IAVB", value:"2010-B-0083");
  script_xref(name:"CERT", value:"864643");
  script_xref(name:"EDB-ID", value:"18171");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check)");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESXi / ESX host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including
remote code execution vulnerabilities, in the following components :

  - Apache Tomcat
  - bzip2 library
  - JRE
  - WDDM display driver
  - XPDM display driver");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2012-0005.html");
  # http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3fed43a3");
  script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-3554");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java RMI Server Insecure Default Configuration Java Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit("Host/VMware/version");
rel = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");

esx = "ESX/ESXi";

extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_APP_VER, esx);
else
{
  esx = extract[1];
  ver = extract[2];
}

product = "VMware " + esx;

# fix builds
fixes = make_array(
  "ESX 4.0",  480973,
  "ESXi 4.0", 480973,
  "ESX 4.1",  800380,
  "ESXi 4.1", 502767,
  "ESXi 5.0", 623860
);

# security-only fix builds
sec_only_builds = make_array(
  "ESX 4.1",  811144,
  "ESXi 5.0", 608089
);

key = esx + ' ' + ver;
fix = NULL;
fix = fixes[key];
sec_fix = NULL;
sec_fix = sec_only_builds[key];

bmatch = eregmatch(pattern:'^VMware ESXi?.*build-([0-9]+)$', string:rel);
if (empty_or_null(bmatch))
  audit(AUDIT_UNKNOWN_BUILD, product, ver);

build = int(bmatch[1]);

if (!fix)
  audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);

if (build < fix && build != sec_fix)
{
  # if there is a security fix
  if (sec_fix)
    fix = fix + " / " + sec_fix;

  # properly spaced label
  if ("ESXi" >< esx) ver_label = ' version    : ';
  else ver_label = ' version     : ';
  report = '\n  ' + esx + ver_label + ver +
           '\n  Installed build : ' + build +
           '\n  Fixed build     : ' + fix +
           '\n';
  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
}
else
  audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);
VendorProductVersionCPE
vmwareesxcpe:/o:vmware:esx
vmwareesxicpe:/o:vmware:esxi

References

Related

nessus 45
ibm 1
securityvulns 7
openvas 76
redhat 8
suse 5
threatpost 1
fedora 19
amazon 1
centos 1
debian 2
osv 4
oraclelinux 2
ubuntu 3
vmware 3
seebug 1
tomcat 1
prion 5
cve 5
ubuntucve 7
github 1
f5 1
nessus
nessus
Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST)
2011-10-20 00:00:00
VMSA-2012-0003 : VMware VirtualCenter Update and ESX 3.5 patch update JRE
2012-03-09 00:00:00
Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST) (Unix)
2013-02-22 00:00:00
ibm
ibm
Potential Security Vulnerabilities With JavaTM SDKs
2018-06-17 14:01:55
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2011-11-11 00:00:00
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
2011-11-11 00:00:00
VMSA-20120005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
2012-03-20 00:00:00
openvas
openvas
Java for Mac OS X 10.6 Update 6 And 10.7 Update 1
2011-11-17 00:00:00
Java for Mac OS X 10.6 Update 6 And 10.7 Update 1
2011-11-17 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2011:1380-01
2011-10-21 00:00:00
redhat
redhat
(RHSA-2012:0034) Critical: java-1.6.0-ibm security update
2012-01-18 00:00:00
(RHSA-2011:1384) Critical: java-1.6.0-sun security update
2011-10-19 00:00:00
(RHSA-2011:1380) Critical: java-1.6.0-openjdk security update
2011-10-18 00:00:00
suse
suse
Security update for IBM Java 1.6.0 (important)
2012-03-06 21:08:29
Security update for IBM Java (important)
2012-01-23 17:08:23
Security update for IBM Java 1.4.2 (important)
2012-01-26 04:08:11
threatpost
threatpost
Apple Releases New Java Updates, Fix 17 Flaws
2011-11-09 17:09:04
fedora
fedora
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16
2011-11-05 01:27:14
[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.1-2.0.2.fc16
2011-11-10 17:36:54
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-68.1.11.5.fc16
2012-10-18 00:30:15
amazon
amazon
Critical: java-1.6.0-openjdk
2011-10-31 18:22:00
centos
centos
java security update
2011-10-19 21:07:19
debian
debian
[SECURITY] [DSA 2356-1] openjdk-6 security update
2011-12-01 20:33:15
[SECURITY] [DSA 2358-1] openjdk-6 security update
2011-12-05 19:26:27
osv
osv
openjdk-6 - several
2011-12-01 00:00:00
openjdk-6 - several
2011-12-05 00:00:00
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
2022-05-14 01:17:02
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-10-18 00:00:00
bzip2 security update
2010-09-20 00:00:00
ubuntu
ubuntu
IcedTea-Web, OpenJDK 6 vulnerabilities
2011-11-16 00:00:00
OpenJDK 6 regression
2012-01-24 00:00:00
Tomcat vulnerabilities
2012-02-13 00:00:00
vmware
vmware
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
2012-03-15 00:00:00
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
2012-03-15 00:00:00
VMware View privilege escalation and cross-site scripting
2012-03-15 00:00:00
seebug
seebug
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.35
2011-12-05 00:00:00
prion
prion
Design/Logic Flaw
2011-10-19 21:55:00
Design/Logic Flaw
2011-10-19 21:55:00
Cross site scripting
2012-03-16 20:55:00
cve
cve
CVE-2011-3557
2011-10-19 21:55:00
CVE-2011-3556
2011-10-19 21:55:00
CVE-2011-3516
2011-10-19 21:55:00
ubuntucve
ubuntucve
CVE-2011-3556
2011-10-19 00:00:00
CVE-2011-3557
2011-10-19 00:00:00
CVE-2012-1510
2012-03-16 00:00:00
github
github
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
2022-05-14 01:17:02
f5
f5
K15878 : bzip2 vulnerability CVE-2010-0405
2014-11-27 00:00:00
JSON
Related for VMWARE_VMSA-2012-0005_REMOTE.NASL
nessus45ibm1securityvulns7openvas76redhat8suse5threatpost1fedora19amazon1centos1debian2osv4oraclelinux2ubuntu3vmware3seebug1tomcat1prion5cve5ubuntucve7github1f51