VMSA-2013-0009 VMware ESX and ESXi updates to third party libraries

VMware ESX and ESXi updates to third party libraries to address multiple security vulnerabilitie

Reporter	Title	Published	Views	Family All 958
FreeBSD	OpenSSL -- TLS 1.1, 1.2 denial of service	5 Feb 201300:00	–	freebsd
FreeBSD	FreeBSD -- OpenSSL multiple vulnerabilities	2 Apr 201300:00	–	freebsd
FreeBSD	libxml2 -- cpu consumption Dos	21 Feb 201300:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM and QRadar Risk Manager can be affected by three vulnerabilities in the IBM Java Runtime Environment (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)	25 Sep 202223:13	–	ibm
IBM Security Bulletins	Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL 1.0.1c	25 Sep 202221:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in IBM Rational ClearCase (GSKit component) with potential for TLS Attack (CVE-2013-0169)	10 Jul 201808:34	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server - IBM SDK for Java April 2013 CPU	26 Sep 202205:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Systems Director is affected by vulnerabilities in OpenSSL (CVE-2014-0224, CVE-2013-0169 and CVE-2014-3470)	31 Jan 201901:25	–	ibm
IBM Security Bulletins	Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)	17 Jun 201804:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QuickFile is affected by vulnerabilities that exist in the IBM Java SDK.	25 Sep 202223:13	–	ibm

Source	Link
vmware	www.vmware.com/security/advisories/VMSA-2013-0009.html

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_VMSA-2013-0009.nasl 6074 2017-05-05 09:03:14Z teissa $
#
# VMSA-2013-0009 VMware ESX and ESXi updates to third party libraries
#
# Authors:
# Michael Meyer <[email protected]>
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_summary = "VMware has updated several third party libraries in ESX and ESXi to address multiple security vulnerabilities.";
tag_solution = "Apply the missing patch(es).";

tag_affected = "VMware ESXi 4.1 without patch ESXi410-201307001. 
VMware ESX 4.1 without patch ESX410-201307001
VMware ESXi 5.0 without Update 3
VMware ESXi 4.0 without patch ESXi400-201310001
VMware ESX 4.0 without patch ESX400-201310001";

tag_vuldetect = "Check for missing patches.";

tag_insight = "a. ESX userworld update for OpenSSL library
The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve
multiple security issues.

b. Service Console (COS) update for OpenSSL library
The Service Console updates for OpenSSL library is updated to version
openssl-0.9.8e-26.el5_9.1 to resolve multiple security issues.

c. ESX Userworld and Service Console (COS) update for libxml2 library
The ESX Userworld and Service Console libxml2 library is updated to version
libxml2-2.6.26-2.1.21.el5_9.1 and libxml2-python-2.6.26-2.1.21.el5_9.1. to
resolve a security issue. 

d. Service Console (COS) update for GnuTLS library
The ESX service console GnuTLS RPM is updated to version
gnutls-1.4.1-10.el5_9.1 to resolve a security issue.

e. ESX third party update for Service Console kernel
The ESX Service Console Operating System (COS) kernel is updated to
kernel-2.6.18-348.3.1.el5 which addresses several security issues in the COS
kernel.";


if (description)
{
 script_id(103749);
 script_cve_id("CVE-2013-0169","CVE-2013-0166","CVE-2013-0338","CVE-2013-2116","CVE-2013-0268","CVE-2013-0871");
 script_tag(name:"cvss_base", value:"6.9");
 script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
 script_version ("$Revision: 6074 $");
 script_name("VMSA-2013-0009 VMware ESX and ESXi updates to third party libraries");


 script_xref(name:"URL", value:"http://www.vmware.com/security/advisories/VMSA-2013-0009.html");

 script_tag(name:"last_modification", value:"$Date: 2017-05-05 11:03:14 +0200 (Fri, 05 May 2017) $");
 script_tag(name:"creation_date", value:"2013-08-07 14:04:01 +0100 (Wed, 07 Aug 2013)");
 script_category(ACT_GATHER_INFO);
 script_family("VMware Local Security Checks");
 script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
 script_dependencies("gb_vmware_esxi_init.nasl");
 script_mandatory_keys("VMware/ESXi/LSC","VMware/ESX/version");
 script_tag(name : "vuldetect" , value : tag_vuldetect);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name : "affected" , value : tag_affected);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

include("vmware_esx.inc");
include("version_func.inc");

if(!get_kb_item('VMware/ESXi/LSC'))exit(0);
if(!esxVersion = get_kb_item("VMware/ESX/version"))exit(0);

patches = make_array("4.1.0","ESXi410-201307401-SG",
                     "4.0.0","ESXi400-201310401-SG",
                     "5.0.0","VIB:esx-base:5.0.0-2.38.1311177");

if(!patches[esxVersion])exit(0);

if(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {

  security_message(port:0);
  exit(0);

}

exit(99);

05 May 2017 00:00Current

0.4Low risk

Vulners AI Score0.4

EPSS0.09511