ESX Service Console and vMA third party updates

2010-03-0300:00:00

www.vmware.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.5%

JSON

a. vMA and Service Console update for newt to 0.52.2-12.el5_4.1 Newt is a programming library for color text mode, widget based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, etc., to text mode user interfaces. A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2905 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available.

CPENameOperatorVersion
esxltApply
esxltPath
esxltESX400-201002406-SG
vmaltApply Path  Patch 3
esxltESX400-201002407-SG
esxltESX400-201002404-SG
esxltApply Path  patched
esxltsee VMSA-2010-0009
esxltESX400-201005403-SG
esxltESX350-201008406-SG

Name	Operator	Version
esx	lt	Apply
esx	lt	Path
esx	lt	ESX400-201002406-SG
vma	lt	Apply Path Patch 3
esx	lt	ESX400-201002407-SG
esx	lt	ESX400-201002404-SG
esx	lt	Apply Path patched
esx	lt	see VMSA-2010-0009
esx	lt	ESX400-201005403-SG
esx	lt	ESX350-201008406-SG