VMwareVMSA-2009-0009ESX Service Console updates for udev, sudo, and curl
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.008 Low
EPSS
Percentile
80.8%
a. Service Console package udevA vulnerability in the udev program did not verify whether a NETLINKmessage originates from kernel space, which allows local users togain privileges by sending a NETLINK message from user space.The Common Vulnerabilities and Exposures Project (cve.mitre.org)has assigned the name CVE-2009-1185 to this issue.Please see http://kb.vmware.com/kb/1011786 for details.The following table lists what action remediates the vulnerability(column 4) if a solution is available.
| CPE | Name | Operator | Version |
|---|---|---|---|
| esx | lt | ESX400-200906411-SG | |
| esx | lt | ESX400-200906407-SG |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.008 Low
EPSS
Percentile
80.8%