Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 Tenable Network Security, Inc.VMWARE_VMSA-2010-0001_REMOTE.NASL
HistoryMar 08, 2016 - 12:00 a.m.

VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0001) (remote check)

2016-03-0800:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
30

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.97

Percentile

99.8%

JSON

The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :

  • Network Security Services (NSS)
  • NetScape Portable Runtime (NSPR)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(89735);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2009-0689",
    "CVE-2009-2404",
    "CVE-2009-2408",
    "CVE-2009-2409",
    "CVE-2009-3274",
    "CVE-2009-3370",
    "CVE-2009-3372",
    "CVE-2009-3373",
    "CVE-2009-3374",
    "CVE-2009-3375",
    "CVE-2009-3376",
    "CVE-2009-3380",
    "CVE-2009-3382"
  );
  script_bugtraq_id(
    35888,
    35891,
    36851,
    36852,
    36853,
    36855,
    36856,
    36857,
    36858,
    36866,
    36867,
    36871,
    36881
  );
  script_xref(name:"VMSA", value:"2010-0001");

  script_name(english:"VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0001) (remote check)");
  script_summary(english:"Checks the ESX / ESXi version and build number.");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESX host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESX host is missing a security-related patch. It is,
therefore, affected by multiple vulnerabilities, including remote code
execution vulnerabilities, in several third-party components and
libraries :

  - Network Security Services (NSS)
  - NetScape Portable Runtime (NSPR)");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2010-0001");
  script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2010/000083.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 4.0.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(16, 119, 264, 310);

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"VMware ESX Local Security Checks");

  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit("Host/VMware/version");
rel = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");
esx = '';

if ("ESX" >!< rel)
  audit(AUDIT_OS_NOT, "VMware ESX/ESXi");

extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
else
{
  esx = extract[1];
  ver = extract[2];
}

# fixed build numbers are the same for ESX and ESXi
fixes = make_array(
          "4.0", "219382"
        );

fix = FALSE;
fix = fixes[ver];

# get the build before checking the fix for the most complete audit trail
extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);

build = int(extract[1]);

# if there is no fix in the array, fix is FALSE
if (!fix)
  audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);

if (build < fix)
{
  report = '\n  Version         : ' + esx + " " + ver +
           '\n  Installed build : ' + build +
           '\n  Fixed build     : ' + fix +
           '\n';
  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
  exit(0);
}
else
  audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
VendorProductVersionCPE
vmwareesxcpe:/o:vmware:esx

Related

openvas 83
nessus 49
vmware 2
debian 2
osv 2
fedora 41
centos 2
redhat 6
oraclelinux 4
ubuntu 5
securityvulns 1
freebsd 1
suse 1
openvas
openvas
Fedora Core 10 FEDORA-2009-10981 (blam)
2009-11-11 00:00:00
CentOS Security Advisory CESA-2009:1530 (firefox)
2009-11-11 00:00:00
Fedora Core 10 FEDORA-2009-10981 (blam)
2009-11-11 00:00:00
nessus
nessus
VMSA-2010-0001 : ESX Service Console and vMA updates for nss and nspr
2010-01-08 00:00:00
Fedora 11 : Miro-2.5.2-5.fc11 / blam-1.8.5-15.fc11 / chmsee-1.0.1-12.fc11 / eclipse-3.4.2-17.fc11 / etc (2009-10878)
2009-10-29 00:00:00
Fedora 10 : Miro-2.0.5-5.fc10 / blam-1.8.5-15.fc10 / epiphany-2.24.3-11.fc10 / etc (2009-10981)
2009-11-05 00:00:00
vmware
vmware
ESX Service Console and vMA updates for nss and nspr
2010-03-03 00:00:00
ESX Service Console and vMA updates for nss and nspr
2010-03-03 00:00:00
debian
debian
[SECURITY] [DSA 1922-1] New xulrunner packages fix several vulnerabilities
2009-10-28 21:13:30
[SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities
2009-08-26 19:01:32
osv
osv
xulrunner - several vulnerabilities
2009-10-28 00:00:00
nss - several vulnerabilities
2009-08-26 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: kazehakase-0.5.6-4.fc10.7
2009-11-04 12:31:06
[SECURITY] Fedora 10 Update: gnome-web-photo-0.3-23.fc10
2009-11-04 12:31:06
[SECURITY] Fedora 10 Update: google-gadgets-0.10.5-11.fc10
2009-11-04 12:31:06
centos
centos
firefox, nspr security update
2009-10-28 13:44:04
seamonkey security update
2009-10-28 13:15:48
redhat
redhat
(RHSA-2009:1530) Critical: firefox security update
2009-10-27 00:00:00
(RHSA-2009:1207) Critical: nspr and nss security update
2009-08-12 00:00:00
(RHSA-2009:1184) Critical: nspr and nss security and bug fix update
2009-07-30 00:00:00
oraclelinux
oraclelinux
firefox security update
2009-10-28 00:00:00
nspr and nss security and bug fix update
2009-07-30 00:00:00
nspr and nss security, bug fix, and enhancement update
2009-07-21 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner regression
2009-11-11 00:00:00
Firefox and Xulrunner vulnerabilities
2009-10-31 00:00:00
NSS regression
2009-09-02 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2009-11-05 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-10-27 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-11-04 14:24:35

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.97

Percentile

99.8%

JSON
Related for VMWARE_VMSA-2010-0001_REMOTE.NASL
openvas83nessus49vmware2debian2osv2fedora41centos2redhat6oraclelinux4ubuntu5securityvulns1freebsd1suse1