Synopsis
The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.
Description
The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities:
- A denial of service vulnerability exists in the big2_toUtf8() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application. (CVE-2009-3560)
- A denial of service vulnerability exists in the updatePosition() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application. (CVE-2009-3720)
- An integer overflow condition exists in the BZ2_decompress() function in file decompress.c in the bzip2 and libbzip2 library. A remote attacker can exploit this, via a crafted compressed file, to cause a denial of service or the execution of arbitrary code. (CVE-2010-0405)
- A denial of service vulnerability exists in the audioop module due to multiple integer overflow conditions in file audioop.c. A remote attacker can exploit this, via a large fragment or argument, to cause a buffer overflow, resulting in an application crash. (CVE-2010-1634)
- A denial of service vulnerability exists in the audioop module due to a failure to verify the relationships between size arguments and byte string length. A remote attacker can exploit this, via crafted arguments, to cause memory corruption, resulting in an application crash. (CVE-2010-2089)
- A flaw exists in the urllib and urllib2 modules due to processing Location headers that specify redirection to a file. A remote attacker can exploit this, via a crafted URL, to gain sensitive information or cause a denial of service. (CVE-2011-1521)
- A privilege escalation vulnerability exists due to an incorrect ACL being used for the VMware Tools folder. An attacker on an adjacent network with access to a guest operating system can exploit this to gain elevated privileges on the guest operating system. (CVE-2012-1518)
Solution
Apply patches ESXi500-201203102-SG and ESXi500-201203101-SG according to the vendor advisory.
Plugin Details
File Name: vmware_esxi_5_0_build_608089_remote.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:vmware:esxi:5.0
Required KB Items: Host/VMware/version, Host/VMware/release
Exploit Ease: Exploits are available
Patch Publication Date: 3/15/2012
Vulnerability Publication Date: 11/5/2009
Exploitable With
CANVAS (White_Phosphorus)
Reference Information
CVE: CVE-2009-3560, CVE-2009-3720, CVE-2010-0405, CVE-2010-1634, CVE-2010-2089, CVE-2011-1521, CVE-2012-1518
BID: 36097, 37203, 40370, 40863, 43331, 47024, 53006