VMSA-2009-0009 : ESX Service Console updates for udev, sudo, and curl

high Nessus プラグイン ID 52011
New! プラグインの深刻度には CVSS v3 が適用されるようになりました。

プラグインの深刻度は、デフォルトで CVSS v3 を使って計算されるように更新されました。プラグインに CVSS v3 スコアがない場合には、CVSS v2 を使って深刻度が計算されます。深刻度の表示設定は、[設定]のドロップダウンで切り替えができます。

概要

The remote VMware ESX host is missing one or more security-related patches.

説明

a. Service Console package udev

A vulnerability in the udev program did not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1185 to this issue.

Please see http://kb.vmware.com/kb/1011786 for details.

b. Service Console package sudo

Service Console package for sudo has been updated to version sudo-1.6.9p17-3. This fixes the following issue: Sudo versions 1.6.9p17 through 1.6.9p19 do not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which might allow local users to leverage an applicable sudoers file and gain root privileges by using a sudo command.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0034 to this issue.

Please see http://kb.vmware.com/kb/1011781 for more details

c. Service Console package curl

Service Console package for curl has been updated to version curl-7.15.5-2.1. This fixes the following issue: The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to trigger arbitrary requests to intranet servers, read or overwrite arbitrary files by using a redirect to a file: URL, or execute arbitrary commands by using a redirect to an scp: URL.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0037 to this issue.

Please see http://kb.vmware.com/kb/1011782 for details

ソリューション

Apply the missing patches.

関連情報

http://lists.vmware.com/pipermail/security-announce/2009/000060.html

プラグインの詳細

深刻度: High

ID: 52011

ファイル名: vmware_VMSA-2009-0009.nasl

バージョン: 1.18

タイプ: local

公開日: 2011/2/17

更新日: 2021/1/6

依存関係: ssh_get_info.nasl

リスク情報

VPR

リスクファクター: Critical

スコア: 9.7

CVSS v2

リスクファクター: High

Base Score: 7.2

Temporal Score: 6.3

ベクトル: AV:L/AC:L/Au:N/C:C/I:C/A:C

現状ベクトル: E:H/RL:OF/RC:C

脆弱性情報

CPE: cpe:/o:vmware:esx:4.0

必要な KB アイテム: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

エクスプロイトが利用可能: true

エクスプロイトの容易さ: Exploits are available

パッチ公開日: 2009/7/10

エクスプロイト可能

CANVAS (CANVAS)

Core Impact

Metasploit (Linux udev Netlink Local Privilege Escalation)

参照情報

CVE: CVE-2009-0034, CVE-2009-0037, CVE-2009-1185

BID: 33517, 33962, 34536

VMSA: 2009-0009

CWE: 20, 264, 352