Detections
Analytics

ESXi 5.0 < Build 1022489 Multiple Vulnerabilities (remote check)

high Nessus Plugin ID 70877

Language:

Synopsis

The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.

Description

The remote VMware ESXi 5.0 host is affected by the following vulnerabilities :

 - An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102)

 - Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807)

 - A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134)

 - A privilege escalation vulnerability exists due to improper handling of control code in the lgtosync.sys driver. A local attacker can exploit this escalate privileges on Windows-based 32-bit guest operating systems. (CVE-2013-3519)

Solution

Apply patch ESXi500-201303101-SG.

See Also

http://www.nessus.org/u?bac4c6a1

https://www.vmware.com/security/advisories/VMSA-2013-0001.html

https://www.vmware.com/security/advisories/VMSA-2013-0004.html

https://www.vmware.com/security/advisories/VMSA-2013-0014.html

Plugin Details

Severity: High

ID: 70877

File Name: vmware_esxi_5_0_build_1022489_remote.nasl

Version: 1.14

Type: remote

Family: Misc.

Published: 11/13/2013

Updated: 11/27/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 5.8

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-3519

Vulnerability Information

CPE: cpe:/o:vmware:esxi

Required KB Items: Host/VMware/release, Host/VMware/version

Exploit Ease: No known exploits are available

Patch Publication Date: 3/28/2013

Vulnerability Publication Date: 5/7/2012

Reference Information

CVE: CVE-2011-3102, CVE-2012-2807, CVE-2012-5134, CVE-2013-3519

BID: 53540, 54718, 56684, 64075