CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.8%
The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components :
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(89116);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id(
"CVE-2007-6063",
"CVE-2008-0598",
"CVE-2008-2086",
"CVE-2008-2136",
"CVE-2008-2812",
"CVE-2008-3275",
"CVE-2008-3525",
"CVE-2008-4210",
"CVE-2008-5339",
"CVE-2008-5340",
"CVE-2008-5341",
"CVE-2008-5342",
"CVE-2008-5343",
"CVE-2008-5344",
"CVE-2008-5345",
"CVE-2008-5346",
"CVE-2008-5347",
"CVE-2008-5348",
"CVE-2008-5349",
"CVE-2008-5350",
"CVE-2008-5351",
"CVE-2008-5352",
"CVE-2008-5353",
"CVE-2008-5354",
"CVE-2008-5355",
"CVE-2008-5356",
"CVE-2008-5357",
"CVE-2008-5358",
"CVE-2008-5359",
"CVE-2008-5360",
"CVE-2009-0692",
"CVE-2009-1093",
"CVE-2009-1094",
"CVE-2009-1095",
"CVE-2009-1096",
"CVE-2009-1097",
"CVE-2009-1098",
"CVE-2009-1099",
"CVE-2009-1100",
"CVE-2009-1101",
"CVE-2009-1102",
"CVE-2009-1103",
"CVE-2009-1104",
"CVE-2009-1105",
"CVE-2009-1106",
"CVE-2009-1107",
"CVE-2009-1893"
);
script_bugtraq_id(
26605,
29235,
29942,
30076,
30647,
31368,
32608,
32620,
32892,
34240,
35668,
35670
);
script_xref(name:"VMSA", value:"2009-0014");
script_name(english:"VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)");
script_summary(english:"Checks the ESX / ESXi version and build number.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a security-related patch.");
script_set_attribute(attribute:"description", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including
remote code execution vulnerabilities, in the following components :
- ISC DHCP dhclient
- Integrated Services Digital Network (ISDN) subsystem
- Java Runtime Environment (JRE)
- Java SE Development Kit (JDK)
- Java SE Web Start
- Linux kernel
- Linux kernel 32-bit and 64-bit emulation
- Linux kernel Simple Internet Transition INET6
- Linux kernel tty
- Linux kernel virtual file system (VFS)
- Red Hat dhcpd init script for DHCP
- SBNI WAN driver");
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2009-0014");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESX / ESXi version 3.5 / 4.0.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_cwe_id(16, 20, 59, 94, 119, 189, 200, 264, 287, 399);
script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/20");
script_set_attribute(attribute:"patch_publication_date", value:"2009/10/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/03");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
script_dependencies("vmware_vsphere_detect.nbin");
script_require_keys("Host/VMware/version", "Host/VMware/release");
script_require_ports("Host/VMware/vsphere");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
app_name = "VMware ESX";
version = get_kb_item_or_exit("Host/VMware/version");
release = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");
fixes = make_array();
fixes["ESX 3.5"] = 199239;
fixes["ESX 4.0"] = 219382;
fixes["ESXi 4.0"] = 208167;
matches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release);
if (empty_or_null(matches))
exit(1, 'Failed to extract the ESX / ESXi build number.');
type = matches[1];
build = int(matches[2]);
fixed_build = fixes[version];
if (!isnull(fixed_build) && build < fixed_build)
{
padding = crap(data:" ", length:8 - strlen(type)); # Spacing alignment
report = '\n ' + type + ' version' + padding + ': ' + version +
'\n Installed build : ' + build +
'\n Fixed build : ' + fixed_build +
'\n';
security_report_v4(extra:report, port:port, severity:SECURITY_HOLE);
}
else
audit(AUDIT_INST_VER_NOT_VULN, "VMware " + version + " build " + build);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5347
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5355
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5358
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5359
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5360
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1893
www.vmware.com/security/advisories/VMSA-2009-0014
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.8%