nessus
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
VMWARE_VMSA-2011-0004_REMOTE.NASL
History: Mar 04, 2016 - 12:00 a.m.

VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0004) (remote check)

2016-03-04 00:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

CVSS2: 7.2 High

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

EPSS: 0.371 Low (Percentile: 97.2%)

The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including arbitrary code execution vulnerabilities, in several third-party components and libraries :

  • bind
  • pam
  • popt
  • rpm
  • rpm-libs
  • rpm-python
  • Service Location Protocol daemon (SLPD)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration branch: when the engine loads the plugin with `description`
# set, only the metadata below is recorded and the block ends with exit(0),
# so no target is evaluated on this path.
if (description)
{
  script_id(89675);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # Ten CVEs are attached to this single check. The finding it produces is
  # per host and per build, so the report does not say which of the listed
  # third-party components is the relevant one on a given system.
  script_cve_id(
    "CVE-2005-4889",
    "CVE-2010-2059",
    "CVE-2010-2199",
    "CVE-2010-3316",
    "CVE-2010-3435",
    "CVE-2010-3609",
    "CVE-2010-3613",
    "CVE-2010-3614",
    "CVE-2010-3762",
    "CVE-2010-3853"
   );
  script_bugtraq_id(
    40512,
    42472,
    43487,
    44590,
    45133,
    45137,
    45385,
    46772
  );
  script_xref(name:"VMSA", value:"2011-0004");

  script_name(english:"VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0004) (remote check)");
  script_summary(english:"Checks the ESX / ESXi version and build number.");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including
arbitrary code execution vulnerabilities, in several third-party
components and libraries :

  - bind
  - pam
  - popt
  - rpm
  - rpm-libs
  - rpm-python
  - Service Location Protocol daemon (SLPD)");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2011-0004");
  script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2012/000159.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.");
  # The base vector is local (AV:L) although plugin_type below is "remote":
  # the vector rates the flaws, plugin_type records how this check collects
  # its evidence.
  # NOTE(review): presumably the score follows the highest-rated CVE in the
  # set - confirm against the advisory before using it for prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  # Temporal metrics: proof-of-concept exploit code (E:POC), official fix
  # available (RL:OF), report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
  script_end_attributes();

  # Information-gathering category: the body of this script only reads
  # knowledge-base (KB) entries and reports on them.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Misc.");

  # The detection plugin named here is the declared source of the KB keys
  # required below; the check is only as accurate as the version and release
  # strings that plugin stored for the host.
  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

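# Version-based check: the product, version and build are taken from the
# knowledge base (KB) and compared with the first fixed build of each branch.
# None of the affected components (bind, pam, popt, rpm, SLPD) is probed, so
# the verdict depends entirely on the stored version and release strings.
ver = get_kb_item_or_exit("Host/VMware/version");
rel = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");
esx = '';

# Hosts whose release string does not mention ESX are out of scope.
if ("ESX" >!< rel)
  audit(AUDIT_OS_NOT, "VMware ESX/ESXi");

# Split the version string into product name (ESX or ESXi) and major.minor,
# e.g. "ESXi 4.1" from a value of the form "ESXi 4.1 ..." (constructed example).
extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
else
{
  esx = extract[1];
  ver = extract[2];
}

# fixed build numbers are the same for ESX and ESXi
fixes = make_array(
          "4.0", "360236",
          "4.1", "381591"
        );

# Stays NULL when the branch has no entry in the table (anything other than
# 4.0 / 4.1); that case is audited below once the build is known.
fix = fixes[ver];

# get the build before checking the fix for the most complete audit trail
extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);

build = int(extract[1]);

# No fixed build listed for this branch: audited as not affected by this
# advisory. This is not a statement that the host is fully patched.
if (!fix)
  audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);

# The table stores build numbers as strings while `build` is an integer.
# Convert before comparing so the ordering is numeric and does not depend on
# how mixed integer/string operands are compared or on both values having the
# same number of digits.
fix = int(fix);

if (build < fix)
{
  report = '\n  Version         : ' + esx + " " + ver +
           '\n  Installed build : ' + build +
           '\n  Fixed build     : ' + fix +
           '\n';
  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
  exit(0);
}
else
  audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);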
| Vendor | Product | Version | CPE |
|--------|---------|---------|-----|
| vmware | esx | | cpe:/o:vmware:esx |
| vmware | esxi | | cpe:/o:vmware:esxi |
