VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check) - Nessus

Critical   Plugin ID: 89674

This page contains detailed information about the VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check) Nessus plugin including available exploits and PoCs found on GitHub, in Metasploit or Exploit-DB for verifying of this vulnerability.

Table Of Contents
hide

Plugin Overview

ID: 89674
Name: VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)
Filename: vmware_VMSA-2011-0003_remote.nasl
Vulnerability Published: 2008-07-08
This Plugin Published: 2016-03-04
Last Modification Time: 2021-01-06
Plugin Version: 1.6
Plugin Type: remote
Plugin Family: Misc.
Dependencies: vmware_vsphere_detect.nbin
Required KB Items [?]: Host/VMware/release, Host/VMware/version

Vulnerability Information

Severity: Critical
Vulnerability Published: 2008-07-08
Patch Published: 2011-02-10
CVE [?]: CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107, CVE-2008-3825, CVE-2008-5416, CVE-2009-1384, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0008, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0291, CVE-2010-0307, CVE-2010-0410, CVE-2010-0415, CVE-2010-0433, CVE-2010-0437, CVE-2010-0622, CVE-2010-0730, CVE-2010-0734, CVE-2010-0740, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850, CVE-2010-0886, CVE-2010-1084, CVE-2010-1085, CVE-2010-1086, CVE-2010-1087, CVE-2010-1088, CVE-2010-1157, CVE-2010-1173, CVE-2010-1187, CVE-2010-1321, CVE-2010-1436, CVE-2010-1437, CVE-2010-1641, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2227, CVE-2010-2240, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-2928, CVE-2010-2939, CVE-2010-3081, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3556, CVE-2010-3557, CVE-2010-3559, CVE-2010-3561, CVE-2010-3562, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-3864
CPE [?]: cpe:/o:vmware:esx, cpe:/o:vmware:esxi
Exploited by Malware: True

Synopsis

The remote VMware ESX / ESXi host is missing a security-related patch.

Description

The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :

- Apache Tomcat - Apache Tomcat Manager - cURL - Java Runtime Environment (JRE) - Kernel - Microsoft SQL Express - OpenSSL - pam_krb5

Solution

Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.

Public Exploits

Target Network Port(s): N/A
Target Asset(s): Host/VMware/vsphere
Exploit Available: True (Metasploit Framework, Exploit-DB, GitHub, Immunity Canvas, Core Impact)
Exploit Ease: Exploits are available

Here's the list of publicly known exploits and PoCs for verifying the VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check) vulnerability:

  1. Metasploit: exploit/windows/browser/java_ws_arginject_altjvm
    [Sun Java Web Start Plugin Command Line Argument Injection]
  2. Metasploit: exploit/windows/browser/java_ws_vmargs
    [Sun Java Web Start Plugin Command Line Argument Injection]
  3. Metasploit: auxiliary/dos/http/apache_tomcat_transfer_encoding
    [Apache Tomcat Transfer-Encoding Information Disclosure and DoS]
  4. Metasploit: exploit/windows/browser/java_mixer_sequencer
    [Java MixerSequencer Object GM_Song Structure Handling Vulnerability]
  5. Metasploit: exploit/multi/browser/java_rmi_connection_impl
    [Java RMIConnectionImpl Deserialization Privilege Escalation]
  6. Metasploit: exploit/multi/browser/java_trusted_chain
    [Java Statement.invoke() Trusted Method Chain Privilege Escalation]
  7. Metasploit: exploit/windows/mssql/ms09_004_sp_replwritetovarbin
    [MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption]
  8. Metasploit: exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli
    [MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection]
  9. Metasploit: auxiliary/dos/http/slowloris
    [Slowloris Denial of Service Attack]
  10. Metasploit: exploit/multi/http/tomcat_mgr_deploy
    [Apache Tomcat Manager Application Deployer Authenticated Code Execution]
  11. Metasploit: auxiliary/scanner/http/tomcat_mgr_login
    [Tomcat Application Manager Login Utility]
  12. Metasploit: exploit/multi/http/tomcat_mgr_upload
    [Apache Tomcat Manager Authenticated Upload Code Execution]
  13. Exploit-DB: exploits/linux/dos/12334.c
    [EDB-12334: OpenSSL - Remote Denial of Service]
  14. Exploit-DB: exploits/linux/dos/14594.py
    [EDB-14594: Linux Kernel 2.6.33.3 - SCTP INIT Remote Denial of Service]
  15. Exploit-DB: exploits/windows/local/41700.rb
    [EDB-41700: Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)]
  16. Exploit-DB: exploits/multiple/remote/10579.py
    [EDB-10579: TLS - Renegotiation]
  17. Exploit-DB: exploits/multiple/remote/12343.txt
    [EDB-12343: Apache Tomcat 5.5.0 < 5.5.29 / 6.0.0 < 6.0.26 - Information Disclosure]
  18. Exploit-DB: exploits/windows/remote/15056.py
    [EDB-15056: Java 6.19 CMM readMabCurveData - Remote Stack Overflow]
  19. Exploit-DB: exploits/multiple/remote/16297.rb
    [EDB-16297: Java - 'Statement.invoke()' Trusted Method Chain (Metasploit)]
  20. Exploit-DB: exploits/multiple/remote/16305.rb
    [EDB-16305: Java - RMIConnectionImpl Deserialization Privilege Escalation (Metasploit)]
  21. Exploit-DB: exploits/multiple/remote/16317.rb
    [EDB-16317: Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit)]
  22. Exploit-DB: exploits/windows/remote/16392.rb
    [EDB-16392: Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit)]
  23. Exploit-DB: exploits/windows/remote/16396.rb
    [EDB-16396: Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit)]
  24. Exploit-DB: exploits/windows/remote/16585.rb
    [EDB-16585: Sun Java - Web Start Plugin Command Line Argument Injection (Metasploit)]
  25. Exploit-DB: exploits/windows/remote/18485.rb
    [EDB-18485: Java MixerSequencer Object - GM_Song Structure Handling (Metasploit)]
  26. Exploit-DB: exploits/multiple/remote/31433.rb
    [EDB-31433: Apache Tomcat Manager - Application Upload (Authenticated) Code Execution (Metasploit)]
  27. GitHub: https://github.com/cocomelonc/vulnexipy
    [CVE-2009-3548]
  28. GitHub: https://github.com/GiJ03/ReconScan
    [CVE-2009-3555]
  29. GitHub: https://github.com/RedHatProductSecurity/CVE-HOWTO
    [CVE-2009-3555]
  30. GitHub: https://github.com/RoliSoft/ReconScan
    [CVE-2009-3555]
  31. GitHub: https://github.com/ekiojp/hanase
    [CVE-2009-3555]
  32. GitHub: https://github.com/galeone/letsencrypt-lighttpd
    [CVE-2009-3555]
  33. GitHub: https://github.com/issdp/test
    [CVE-2009-3555]
  34. GitHub: https://github.com/johnwchadwick/cve-2009-3555-test-server
    [CVE-2009-3555: A TLS server using a vendored fork of the Go TLS stack that has renegotation ...]
  35. GitHub: https://github.com/matoweb/Enumeration-Script
    [CVE-2009-3555]
  36. GitHub: https://github.com/withdk/pulse-secure-vpn-mitm-research
    [CVE-2009-3555]
  37. GitHub: https://github.com/De4dCr0w/Linux-kernel-EoP-exp
    [CVE-2010-0415]
  38. GitHub: https://github.com/InteliSecureLabs/Linux_Exploit_Suggester
    [CVE-2010-0415]
  39. GitHub: https://github.com/PleXone2019/Linux_Exploit_Suggester
    [CVE-2010-0415]
  40. GitHub: https://github.com/R0B1NL1N/Linux-Kernal-Exploits-m-
    [CVE-2010-0415]
  41. GitHub: https://github.com/R0B1NL1N/Linux-Kernel-Exploites
    [CVE-2010-0415]
  42. GitHub: https://github.com/h4x0r-dz/local-root-exploit-
    [CVE-2010-0415]
  43. GitHub: https://github.com/qashqao/linux-xsuggest
    [CVE-2010-0415]
  44. GitHub: https://github.com/qiantu88/Linux--exp
    [CVE-2010-0415]
  45. GitHub: https://github.com/rakjong/LinuxElevation
    [CVE-2010-0415]
  46. GitHub: https://github.com/ram4u/Linux_Exploit_Suggester
    [CVE-2010-0415]
  47. GitHub: https://github.com/rcvalle/vulnerabilities
    [CVE-2010-0415]
  48. GitHub: https://github.com/marcocastro100/Intrusion_Detection_System-Python
    [CVE-2010-2227]
  49. GitHub: https://github.com/Technoashofficial/kernel-exploitation-linux
    [CVE-2010-2240]
  50. GitHub: https://github.com/xairy/linux-kernel-exploitation
    [CVE-2010-2240]
  51. GitHub: https://github.com/Al1ex/LinuxEelvation
    [CVE-2010-3081]
  52. GitHub: https://github.com/De4dCr0w/Linux-kernel-EoP-exp
    [CVE-2010-3081]
  53. GitHub: https://github.com/InteliSecureLabs/Linux_Exploit_Suggester
    [CVE-2010-3081]
  54. GitHub: https://github.com/PleXone2019/Linux_Exploit_Suggester
    [CVE-2010-3081]
  55. GitHub: https://github.com/R0B1NL1N/Linux-Kernal-Exploits-m-
    [CVE-2010-3081]
  56. GitHub: https://github.com/R0B1NL1N/Linux-Kernel-Exploites
    [CVE-2010-3081]
  57. GitHub: https://github.com/Snoopy-Sec/Localroot-ALL-CVE
    [CVE-2010-3081]
  58. GitHub: https://github.com/Technoashofficial/kernel-exploitation-linux
    [CVE-2010-3081]
  59. GitHub: https://github.com/h4x0r-dz/local-root-exploit-
    [CVE-2010-3081]
  60. GitHub: https://github.com/mergebase/usn2json
    [CVE-2010-3081]
  61. GitHub: https://github.com/qashqao/linux-xsuggest
    [CVE-2010-3081]
  62. GitHub: https://github.com/qiantu88/Linux--exp
    [CVE-2010-3081]
  63. GitHub: https://github.com/rakjong/LinuxElevation
    [CVE-2010-3081]
  64. GitHub: https://github.com/ram4u/Linux_Exploit_Suggester
    [CVE-2010-3081]
  65. GitHub: https://github.com/skbasava/Linux-Kernel-exploit
    [CVE-2010-3081]
  66. GitHub: https://github.com/xairy/linux-kernel-exploitation
    [CVE-2010-3081]
  67. GitHub: https://github.com/offensive-security/exploitdb-bin-sploits/blob/master/bin-sploits/15056.zip
    [EDB-15056]
  68. GitHub: https://github.com/SECFORCE/CVE-2008-5416
    [CVE-2008-5416: Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection]
  69. Immunity Canvas: CANVAS

Before running any exploit against any system, make sure you are authorized by the owner of the target system(s) to perform such activity. In any other case, this would be considered as an illegal activity.

WARNING: Beware of using unverified exploits from sources such as GitHub or Exploit-DB. These exploits and PoCs could contain malware. For more information, see how to use exploits safely.

Risk Information

CVSS V2 Vector [?]: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C
CVSS Base Score:10.0 (High)
Impact Subscore:10.0
Exploitability Subscore:10.0
CVSS Temporal Score:8.7 (High)
CVSS Environmental Score:NA (None)
Modified Impact Subscore:NA
Overall CVSS Score:8.7 (High)

Go back to menu.

Plugin Source

This is the vmware_VMSA-2011-0003_remote.nasl nessus plugin source code. This script is Copyright (C) 2016-2021 Tenable Network Security, Inc. 

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(89674);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2008-0085",
    "CVE-2008-0086",
    "CVE-2008-0106",
    "CVE-2008-0107",
    "CVE-2008-3825",
    "CVE-2008-5416",
    "CVE-2009-1384",
    "CVE-2009-2693",
    "CVE-2009-2901",
    "CVE-2009-2902",
    "CVE-2009-3548",
    "CVE-2009-3555",
    "CVE-2009-4308",
    "CVE-2010-0003",
    "CVE-2010-0007",
    "CVE-2010-0008",
    "CVE-2010-0082",
    "CVE-2010-0084",
    "CVE-2010-0085",
    "CVE-2010-0087",
    "CVE-2010-0088",
    "CVE-2010-0089",
    "CVE-2010-0090",
    "CVE-2010-0091",
    "CVE-2010-0092",
    "CVE-2010-0093",
    "CVE-2010-0094",
    "CVE-2010-0095",
    "CVE-2010-0291",
    "CVE-2010-0307",
    "CVE-2010-0410",
    "CVE-2010-0415",
    "CVE-2010-0433",
    "CVE-2010-0437",
    "CVE-2010-0622",
    "CVE-2010-0730",
    "CVE-2010-0734",
    "CVE-2010-0740",
    "CVE-2010-0837",
    "CVE-2010-0838",
    "CVE-2010-0839",
    "CVE-2010-0840",
    "CVE-2010-0841",
    "CVE-2010-0842",
    "CVE-2010-0843",
    "CVE-2010-0844",
    "CVE-2010-0845",
    "CVE-2010-0846",
    "CVE-2010-0847",
    "CVE-2010-0848",
    "CVE-2010-0849",
    "CVE-2010-0850",
    "CVE-2010-0886",
    "CVE-2010-1084",
    "CVE-2010-1085",
    "CVE-2010-1086",
    "CVE-2010-1087",
    "CVE-2010-1088",
    "CVE-2010-1157",
    "CVE-2010-1173",
    "CVE-2010-1187",
    "CVE-2010-1321",
    "CVE-2010-1436",
    "CVE-2010-1437",
    "CVE-2010-1641",
    "CVE-2010-2066",
    "CVE-2010-2070",
    "CVE-2010-2226",
    "CVE-2010-2227",
    "CVE-2010-2240",
    "CVE-2010-2248",
    "CVE-2010-2521",
    "CVE-2010-2524",
    "CVE-2010-2928",
    "CVE-2010-2939",
    "CVE-2010-3081",
    "CVE-2010-3541",
    "CVE-2010-3548",
    "CVE-2010-3549",
    "CVE-2010-3550",
    "CVE-2010-3551",
    "CVE-2010-3553",
    "CVE-2010-3554",
    "CVE-2010-3556",
    "CVE-2010-3557",
    "CVE-2010-3559",
    "CVE-2010-3561",
    "CVE-2010-3562",
    "CVE-2010-3565",
    "CVE-2010-3566",
    "CVE-2010-3567",
    "CVE-2010-3568",
    "CVE-2010-3569",
    "CVE-2010-3571",
    "CVE-2010-3572",
    "CVE-2010-3573",
    "CVE-2010-3574",
    "CVE-2010-3864"
  );
  script_bugtraq_id(
    30082,
    30083,
    30118,
    30119,
    31534,
    32710,
    35112,
    36935,
    36954,
    37724,
    37762,
    37906,
    37942,
    37944,
    37945,
    38027,
    38058,
    38144,
    38162,
    38165,
    38185,
    38348,
    38479,
    38533,
    38857,
    38898,
    39013,
    39044,
    39062,
    39067,
    39068,
    39069,
    39070,
    39071,
    39072,
    39073,
    39075,
    39077,
    39078,
    39081,
    39082,
    39083,
    39084,
    39085,
    39086,
    39088,
    39089,
    39090,
    39091,
    39093,
    39094,
    39095,
    39096,
    39120,
    39492,
    39569,
    39635,
    39715,
    39719,
    39794,
    39979,
    40235,
    40356,
    40776,
    40920,
    41466,
    41544,
    41904,
    42242,
    42249,
    42306,
    43239,
    43965,
    43971,
    43979,
    43985,
    43988,
    43992,
    43994,
    44009,
    44011,
    44012,
    44013,
    44014,
    44016,
    44017,
    44026,
    44027,
    44028,
    44030,
    44032,
    44035,
    44040,
    44884
  );
  script_xref(name:"VMSA", value:"2011-0003");

  script_name(english:"VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)");
  script_summary(english:"Checks the ESX / ESXi version and build number.");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including
remote code execution vulnerabilities, in several third-party
components and libraries :

  - Apache Tomcat 
  - Apache Tomcat Manager
  - cURL 
  - Java Runtime Environment (JRE)
  - Kernel 
  - Microsoft SQL Express
  - OpenSSL
  - pam_krb5");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2011-0003");
  script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2011/000140.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Sun Java Web Start Plugin Command Line Argument Injection');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 22, 119, 189, 200, 255, 264, 287, 310, 399);

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"Misc.");

  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit("Host/VMware/version");
rel = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");
esx = '';

if ("ESX" >!< rel)
  audit(AUDIT_OS_NOT, "VMware ESX/ESXi");

extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
else
{
  esx = extract[1];
  ver = extract[2];
}

# fixed build numbers are the same for ESX and ESXi
fixes = make_array(
          "4.0", "360236",
          "4.1", "348481"
        );

fix = FALSE;
fix = fixes[ver];

# get the build before checking the fix for the most complete audit trail
extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);

build = int(extract[1]);

# if there is no fix in the array, fix is FALSE
if (!fix)
  audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);

if (build < fix)
{

  report = '\n  Version         : ' + esx + " " + ver +
           '\n  Installed build : ' + build +
           '\n  Fixed build     : ' + fix +
           '\n';
  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
  exit(0);
}
else
  audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);

The latest version of this script can be found in these locations depending on your platform:

  • Linux / Unix:
    /opt/nessus/lib/nessus/plugins/vmware_VMSA-2011-0003_remote.nasl
  • Windows:
    C:\ProgramData\Tenable\Nessus\nessus\plugins\vmware_VMSA-2011-0003_remote.nasl
  • Mac OS X:
    /Library/Nessus/run/lib/nessus/plugins/vmware_VMSA-2011-0003_remote.nasl

Go back to menu.

How to Run

Here is how to run the VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check) as a standalone plugin via the Nessus web user interface (https://localhost:8834/):

  1. Click to start a New Scan.
  2. Select Advanced Scan.
  3. Navigate to the Plugins tab.
  4. On the top right corner click to Disable All plugins.
  5. On the left side table select Misc. plugin family.
  6. On the right side table select VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check) plugin ID 89674.
  7. Specify the target on the Settings tab and click to Save the scan.
  8. Run the scan.

Here are a few examples of how to run the plugin in the command line. Note that the examples below demonstrate the usage on the Linux / Unix platform.

Basic usage:

/opt/nessus/bin/nasl vmware_VMSA-2011-0003_remote.nasl -t <IP/HOST>

Run the plugin with audit trail message on the console:

/opt/nessus/bin/nasl -a vmware_VMSA-2011-0003_remote.nasl -t <IP/HOST>

Run the plugin with trace script execution written to the console (useful for debugging):

/opt/nessus/bin/nasl -T - vmware_VMSA-2011-0003_remote.nasl -t <IP/HOST>

Run the plugin with using a state file for the target and updating it (useful for running multiple plugins on the target):

/opt/nessus/bin/nasl -K /tmp/state vmware_VMSA-2011-0003_remote.nasl -t <IP/HOST>

Go back to menu.

References

BID | SecurityFocus Bugtraq ID: VMSA | VMware Security Advisory: CWE | Common Weakness Enumeration:
  • CWE-20 (Weakness) Improper Input Validation
  • CWE-22 (Weakness) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-119 (Weakness) Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-189 (Category) Numeric Errors
  • CWE-200 (Weakness) Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-255 (Category) Credentials Management Errors
  • CWE-264 (Category) Permissions, Privileges, and Access Controls
  • CWE-287 (Weakness) Improper Authentication
  • CWE-310 (Category) Cryptographic Issues
  • CWE-399 (Category) Resource Management Errors
See also: Similar and related Nessus plugins:
  • 51971 - VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • 75522 - openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)
  • 75534 - openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)
  • 75540 - openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)
  • 75550 - openSUSE Security Update : kernel (openSUSE-SU-2010:0655-1)
  • 75759 - openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)
  • 75779 - openSUSE Security Update : xorg-x11-Xvnc (openSUSE-SU-2010:0561-1)
  • 75802 - openSUSE Security Update : compat-openssl097g (openSUSE-SU-2011:0845-1)
  • 76303 - GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)
  • 78123 - F5 Networks BIG-IP : SSL Renegotiation vulnerability (SOL10737)
  • 78126 - F5 Networks BIG-IP : OpenSSL vulnerability (SOL11533)
  • 79475 - OracleVM 2.2 : krb5 (OVMSA-2011-0015)
  • 79507 - OracleVM 2.2 : kernel (OVMSA-2013-0039)
  • 79531 - OracleVM 2.2 : openssl (OVMSA-2014-0007)
  • 79532 - OracleVM 3.2 : onpenssl (OVMSA-2014-0008)
  • 83005 - F5 Networks BIG-IP : Linux kernel vulnerability (SOL16471)
  • 83306 - Debian DSA-3253-1 : pound - security update (POODLE)
  • 88107 - Debian DLA-400-1 : pound security update (BEAST) (POODLE)
  • 89676 - VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0007) (remote check)
  • 89678 - VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0009) (remote check)
  • 89681 - VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)
  • 89740 - VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)
  • 89741 - VMware ESX Multiple Vulnerabilities (VMSA-2010-0013) (remote check)
  • 89742 - VMware ESX Multiple Vulnerabilities (VMSA-2010-0015) (remote check)
  • 89743 - VMware ESX Privilege Escalation (VMSA-2010-0017) (remote check)
  • 89745 - VMware ESX Multiple Vulnerabilities (VMSA-2010-0019) (remote check)

Version

This page has been produced using Nessus Professional 10.1.2 (#68) LINUX, Plugin set 202205072148.
Plugin file vmware_VMSA-2011-0003_remote.nasl version 1.6. For more plugins, visit the Nessus Plugin Library.

Go back to menu.