Example 1
<br>
Service Console updates for OpenSSL to version 097a-0.9.7a-9.el5_4.2
and version 0.9.8e-12.el5_4.6, GnuTLS to version 1.4.1-3.el5_4.8,
and NSS to version 3.12.6-1.3235.vmw and NSPR to version
4.8.4-1.3235.vmw. These four updates are bundled together due to
their mutual dependencies.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-3555, CVE-2009-2409, CVE-2009-3245
and CVE-2010-0433 to the issues addressed in this update.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2010-0001.html"

flag = 0

if ESX_check('ESX 4.0', 'ESX400-201009401-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201009407-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201009408-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201009409-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201009410-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201010402-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201010404-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201010410-SG'):
    flag += 1
Example 2
<br>
kpartx updated to 0.4.7-23.el5_3.4, libvolume-id updated to
095-14.20.el5, device-mapper-multipath package updated to
0.4.7-23.el5_3.4, fipscheck updated to 1.0.3-1.el5, dbus
updated to 1.1.2-12.el5, dbus-libs updated to 1.1.2-12.el5,
and ed package updated to 0.2-39.el5_2.
<br>
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the names CVE-2008-3916, CVE-2009-1189 and
CVE-2009-0115 to these issues.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2010-0004.html"

flag = 0

if ESX_check('ESX 3.5.0', 'ESX350-201006407-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201008406-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201002404-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201002406-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201002407-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201005403-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201005404-SG'):
    flag += 1

if flag:
Example 3
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2010-0296, CVE-2011-0536, CVE-2011-1071,
CVE-2011-1095, CVE-2011-1658, and CVE-2011-1659 to these issues.
<br>
d. ESX update to third party drivers mptsas, mpt2sas, and mptspi
<br>
The mptsas, mpt2sas, and mptspi drivers are updated which addresses
multiple security issues in the mpt2sas driver.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2011-1494 and CVE-2011-1495 to these issues.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"

flag = 0
if ESX_check('ESX 3.5.0', 'ESX350-201203403-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201110401-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201110403-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201110409-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201110201-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201110224-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 4
<br>
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-0426 to this issue.
<br>
When the runas_default option is used, sudo does not properly set
group memberships, which allows local users to gain privileges via
a sudo command.
<br>
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-0427 to this issue.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2010-0009.html"

flag = 0

if ESX_check('ESX 3.5.0', 'ESX350-201006405-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201006406-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201006408-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201005401-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201005405-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201005406-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201005407-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201005408-SG'):
    flag += 1
Example 5
ESXi 4.1 Update 1
ESXi 4.0 with patch ESXi400-201103402-SG
<br>
ESX 4.1 Update 1
ESX 4.0 with patch ESX400-201103401-SG
<br>
An install or update of the vSphere Client from these releases will
not present a security warning from Windows.
Note: typically the vSphere Client will request an update if the
existing client is pointed at a newer version of vCenter or ESX.
<br>
VMware Knowledge Base article 1021404 explains how the unsigned
install package can be obtained in an alternative, secure way for an
environment with VirtualCenter 2.5, ESXi/ESX 3.5 or ESX 3.0.3.
<br>
VMware would like to thank Claudio Criscione for reporting this
issue to us.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2011-1789 to this issue.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2011-0008.html"

flag = 0
if ESX_check('ESX 4.0', 'ESX400-201103401-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 6
required to play back movies recorded with VMware Workstation,
VMware Player and VMware ACE, in any compatible media player. The
movie decoder is installed as part of VMware Workstation, VMware
Player and VMware ACE, or can be downloaded as a stand alone
package.
<br>
A function in the decoder frame decompression routine implicitly
trusts a size value.  An attacker can utilize this to miscalculate
a destination pointer, leading to the corruption of a heap buffer,
and could allow for execution of arbitrary code with the privileges
of the user running an application utilizing the vulnerable codec.
<br>
For an attack to be successful the user must be tricked into
visiting a malicious web page or opening a malicious video file on
a system that has the vulnerable version of the VMnc codec installed.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-4294 to this issue.
<br>
VMware would like to thank Aaron Portnoy and Logan Brown of
TippingPoint DVLabs for reporting this issue.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2010-0018.html"

flag = 0
if ESX_check('ESX 4.0', 'ESX400-201009401-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 7
is not affected. This is any build of vSphere Client Version
4.0.0 and vSphere Client Version 4.1.0.
<br>
VI Clients bundled with VMware Infrastructure 3 that are not
affected are :
- VI Client 2.0.2 Build 230598 and higher
- VI Client 2.5 Build 204931 and higher
<br>
The issue can be remediated by replacing an affected VI Client
with the VI Client bundled with VirtualCenter 2.5 Update 6 or
VirtualCenter 2.5 Update 6a.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"

flag = 0
if ESX_check('ESX 3.5.0', 'ESX350-201105401-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201105404-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201105406-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201104401-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201110410-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201104401-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201110225-SG'):
    flag += 1

if flag:
Example 8
samba-client-3.0.33-3.15.el5_4.1 and
samba-common-3.0.33-3.15.el5_4.1. These versions include fixes for
security issues that were first fixed in
samba-client-3.0.33-0.18.el4_8 and samba-common-3.0.33-0.18.el4_8.
<br>
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the names CVE-2009-2906, CVE-2009-1888, CVE-2009-2813
and CVE-2009-2948 to these issues.
<br>
b. Service Console update for acpid to 1.0.4-9.el5_4.2
<br>
This update changes the acpid package to acpid-1.0.4-9.el5_4.2.
This version includes the fix for a security issue that was first
fixed in acpid-1.0.4-7.el5_4.1.  
<br>
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-0798 to this issue.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2010-0006.html"

flag = 0

if ESX_check('ESX 4.0', 'ESX400-201003403-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201003405-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 9
<br>
The service console package perl is updated to version
5.8.0-101.EL3 for ESX 3.x versions and version 5.8.8-32.el5_5.1
for ESX 4.x versions.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1168 and CVE-2010-1447 to the issues
addressed in the update for ESX 3.x and the names CVE-2008-5302,
CVE-2008-5303, CVE-2010-1168, and CVE-2010-1447 to the issues
addressed in the update for ESX 4.x.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2010-0013.html"

flag = 0

if ESX_check('ESX 3.0.3', 'ESX303-201102402-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201008405-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201008407-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201008410-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201008411-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201008412-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201009402-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201009403-SG'):
    flag += 1
Example 10
assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and
CVE-2011-1521 to these issues.
<br>
g. ESXi update to third party component python
<br>
The python third party library is updated to python 2.5.6 which
fixes multiple security issues.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,
CVE-2010-2089, and CVE-2011-1521 to these issues.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2012-0001.html"

flag = 0
if ESX_check('ESX 4.0', 'ESX400-201203401-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201203402-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201203403-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201203404-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201203405-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201201401-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201201402-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201201404-SG'):
    flag += 1
Example 11
import sys

sys.path.append('.')

from scanFunction.vuln_check import ESX_check
from scanFunction.vuln_check import write_result
import re

VMSA = "VMSA-2010-0017.1"
name = "VMSA-2010-0017.1 : VMware ESX third party update for Service Console kernel"
cve_id = "CVE-2010-0291, CVE-2010-0307, CVE-2010-0415, CVE-2010-0622, CVE-2010-1087, CVE-2010-1088, CVE-2010-1437, CVE-2010-3081"
description = """a. Service Console OS update for COS kernel package.
<br>
This patch updates the Service Console kernel to fix a stack
pointer underflow issue in the 32-bit compatibility layer.
<br>
Exploitation of this issue could allow a local user to gain
additional privileges.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-3081 to this issue.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2010-0017.html"

flag = 0
if ESX_check('ESX 4.0', 'ESX400-201101401-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201011402-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 12
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,
CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,
CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,
CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,
CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,
CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,
CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and
CVE-2010-3081 to the issues addressed in the update.
<br>
Notes :
- The update also addresses the 64-bit compatibility mode
stack pointer underflow issue identified by CVE-2010-3081. This
issue was patched in an ESX 4.1 patch prior to the release of
ESX 4.1 Update 1 and in a previous ESX 4.0 patch release.
- The update also addresses CVE-2010-2240 for ESX 4.0.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"

flag = 0
if ESX_check('ESX 4.0', 'ESX400-201103401-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201103403-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201101201-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 13
<br>
This release resolves an integer overflow issue present in the
third party library SFCB when the httpMaxContentLength has been
changed from its default value to 0 in /etc/sfcb/sfcb.cfg.
The integer overflow could allow remote attackers to cause a
denial of service (heap memory corruption) or possibly execute
arbitrary code via a large integer in the Content-Length HTTP
header.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-2054 to this issue.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2011-0013.html"

flag = 0
if ESX_check('ESX 4.0', 'ESX400-201111201-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201203401-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201203406-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201110201-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201110204-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201110206-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201110214-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201110201-SG'):
    flag += 1
Example 14
has assigned the names CVE-2010-3316, CVE-2010-3435, and
CVE-2010-3853 to these issues.
<br>
d. Service Console update for rpm, rpm-libs, rpm-python, and popt
<br>
This patch updates rpm, rpm-libs, and rpm-python RPMs to
4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1,
which resolves a security issue.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-2059 to this issue.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"

flag = 0
if ESX_check('ESX 4.0', 'ESX400-201103401-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201103404-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201103406-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201103407-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201101201-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201104407-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201110207-SG'):
    flag += 1

if flag:
Example 15
devices. The VMware hardening guides recommend removing unused
virtual IO devices in general.
<br>
Mitigation
<br>
- Do not allow untrusted root users access to your virtual
machines.  Root or Administrator level permissions are
required to exploit this issue.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-2450 to this issue.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2012-0009.html"

flag = 0
if ESX_check('ESX 3.5.0', 'ESX350-201205401-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201105201-UG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201205401-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201110201-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201201401-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201205401-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 16
virtual machine is referred to as a remote device.
<br>
Traffic coming from remote virtual devices is incorrectly handled.
This may allow an attacker who is capable of manipulating the
traffic from a remote virtual device to crash the virtual machine.
<br>
Workaround
- None identified
<br>
Mitigation
- Users need administrative privileges on the virtual machine
in order to attach remote devices.
- Do not attach untrusted remote devices to a virtual machine.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-3289 to this issue.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2012-0011.html"

flag = 0
if ESX_check('ESX 3.5.0', 'ESX350-201206401-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201206401-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201206401-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 17
The service console package sudo is updated to version
1.7.2p1-8.el5_5.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-2956 to the issue addressed in this
update.
<br>
c. Service Console update for openldap
<br>
The service console package openldap is updated to version
2.3.43-12.el5_5.1.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0211 and CVE-2010-0212 to the issues
addressed in this update.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"

flag = 0
if ESX_check('ESX 4.0', 'ESX400-201101404-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201101405-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201101226-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201104404-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 18
CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,
CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,
CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,
CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864,
CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868,
CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,
CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877,
CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,
CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2010-0002.html"

flag = 0

if ESX_check('ESX 3.5.0', 'ESX350-201003403-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201005402-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 19
<br>
The ESX Service Console Operating System (COS) kernel is updated
which addresses several security issues in the COS kernel.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2011-3191, CVE-2011-4348 and CVE-2012-0028 to
these issues.
<br>
b. Updated ESX Service Console package libxml2
<br>
The ESX Console Operating System (COS) libxml2 rpms are updated to
the following versions libxml2-2.6.26-2.1.12.el5_7.2 and
libxml2-python-2.6.26-2.1.12.el5_7.2 which addresses several
security issues.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944,
CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 to these issues.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2012-0008.html"

flag = 0
if ESX_check('ESX 4.1', 'ESX410-201204401-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201204402-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 20
<br>
b. Service Console update for glibc
<br>
This patch updates the glibc package for ESX service console to
glibc-2.5-58.7602.vmw. This fixes multiple security issues in
glibc, glibc-common and nscd including possible local privilege
escalation.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifiers CVE-2010-0296, CVE-2011-0536,
CVE-2011-1095, CVE-2011-1071, CVE-2011-1658 and CVE-2011-1659 to
these issues.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2011-0010.html"

flag = 0
if ESX_check('ESX 3.5.0', 'ESX350-201203405-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201110406-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201110408-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201107405-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201107406-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 21
<br>
VMware would like to thank Johann MacDonagh for reporting this
issue to us.
<br>
i. Linux-based vmrun format string vulnerability
<br>
A format string vulnerability in vmrun could allow arbitrary code
execution.
<br>
If a vmrun command is issued and processes are listed, code could
be executed in the context of the user listing the processes.
<br>
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-1139 to this issue.
<br>
VMware would like to thank Thomas Toth-Steiner for reporting this
issue to us.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"

flag = 0

if ESX_check('ESX 3.0.3', 'ESX303-201002203-UG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-200911223-UG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 22
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0405 to this issue.
<br>
c. Service Console update for OpenSSL
<br>
The service console package openssl is updated to version
0.9.7a-33.26.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-0590, CVE-2009-2409 and
CVE-2009-3555 to the issues addressed in this update.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"

flag = 0
if ESX_check('ESX 3.0.3', 'ESX303-201102402-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201012401-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201012408-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201012409-SG'):
    flag += 1
if ESX_check('ESX 4.0', 'ESX400-201103405-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201104403-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 23
<br>
This patch updates the service console package for net-snmp,
net-snmp-utils, and net-snmp-libs to version
net-snmp-5.0.9-2.30E.28. This net-snmp update fixes a divide-by-
zero flaw in the snmpd daemon. A remote attacker could issue a
specially crafted GETBULK request that could cause the snmpd daemon
to fail.
<br>
This vulnerability was introduced by an incorrect fix for
CVE-2008-4309.
<br>
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has
assigned the name CVE-2009-1887 to this issue.
<br>
Note: After installing the previous patch for net-snmp
(ESX350-200901409-SG), running the snmpbulkwalk command with the
parameter -CnX results in no output, and the snmpd daemon stops.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2010-0003.html"

flag = 0

if ESX_check('ESX 3.0.3', 'ESX303-201002202-SG'):
    flag += 1
if ESX_check('ESX 3.5.0', 'ESX350-201002401-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 24
import sys

sys.path.append('.')

from scanFunction.vuln_check import ESX_check
from scanFunction.vuln_check import write_result
import re

VMSA = "VMSA-2012-0003"
name = "VMSA-2012-0003 : VMware VirtualCenter Update and ESX 3.5 patch update JRE"
cve_id = "CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561"
description = """a. VirtualCenter and ESX, Oracle (Sun) JRE update 1.5.0_32
<br>
Oracle (Sun) JRE is updated to version 1.5.0_32, which addresses
multiple security issues that existed in earlier releases of Oracle
(Sun) JRE.
<br>
Oracle has documented the CVE identifiers that are addressed in
JRE 1.5.0_32 in the Oracle Java SE Critical Patch Update Advisory of
October 2011.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2012-0003.html"

flag = 0
if ESX_check('ESX 3.5.0', 'ESX350-201203401-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 25
provides a link to this advisory.
<br>
f. vCenter Server Apache Tomcat update 6.0.35
<br>
Apache Tomcat has been updated to version 6.0.35 to address
multiple security issues.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2011-3190, CVE-2011-3375, and
CVE-2012-0022 to these issues.
<br>
g. ESXi update to third party component bzip2
<br>
The bzip2 library is updated to version 1.0.6, which resolves a
security issue.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0405 to this issue.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2012-0005.html"

flag = 0
if ESX_check('ESX 4.0', 'ESX400-201110401-SG'):
    flag += 1
if ESX_check('ESX 4.1', 'ESX410-201110201-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA
Example 26
from scanFunction.vuln_check import ESX_check
from scanFunction.vuln_check import write_result
import re

VMSA = "VMSA-2010-0010"
name = "VMSA-2010-0010 : ESX 3.5 third party update for Service Console kernel"
cve_id = "CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2692, CVE-2009-2698, CVE-2009-2848, CVE-2009-3002, CVE-2009-3547"
description = """a. Service Console update for COS kernel
<br>
The service console package kernel is updated to version 2.4.21-63.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-5029, CVE-2008-5300, CVE-2009-1337,
CVE-2009-1385, CVE-2009-1895, CVE-2009-2848, CVE-2009-3002, and
CVE-2009-3547 to the security issues fixed in kernel-2.4.21-63.
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2698, CVE-2009-2692 to the security
issues fixed in kernel-2.4.21-60.
"""
repair = "http://www.vmware.com/security/advisories/VMSA-2010-0010.html"

flag = 0

if ESX_check('ESX 3.5.0', 'ESX350-201006401-SG'):
    flag += 1

if flag:
    write_result(name, cve_id, description, repair)
# return "Patches in %s is missing!!\n" % VMSA