ESXi 5.0 < Build 608089 Multiple Vulnerabilities (remote check)

high Nessus Plugin ID 70881

Synopsis

The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.

Description

The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities :

- A denial of service vulnerability exists in the big2_toUtf8() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application.
(CVE-2009-3560)

- A denial of service vulnerability exists in the updatePosition() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application.
(CVE-2009-3720)

- An integer overflow condition exists in the BZ2_decompress() function in file decompress.c in the bzip2 and libbzip2 library. A remote attacker can exploit this, via a crafted compressed file, to cause a denial of service or the execution of arbitrary code.
(CVE-2010-0405)

- A denial of service vulnerability exists in the audioop module due to multiple integer overflows conditions in file audioop.c. A remote attacker can exploit this, via a large fragment or argument, to cause a buffer overflow, resulting in an application crash.
(CVE-2010-1634)

- A denial of service vulnerability exists in the audioop module due to a failure to verify the relationships between size arguments and byte string length. A remote attacker can exploit this, via crafted arguments, to cause memory corruption, resulting in an application crash. (CVE-2010-2089)

- A flaw exists in the urllib and urllib2 modules due to processing Location headers that specify redirection to a file. A remote attacker can exploit this, via a crafted URL, to gain sensitive information or cause a denial of service. (CVE-2011-1521)

- A privilege escalation vulnerability exists due to an incorrect ACL being used for the VMware Tools folder. An attacker on an adjacent network with access to a guest operating system can exploit this to gain elevated privileges on the guest operating system.
(CVE-2012-1518)

Solution

Apply patches ESXi500-201203102-SG and ESXi500-201203101-SG according to the vendor advisory.

See Also

http://www.nessus.org/u?5e527c97

https://www.vmware.com/security/advisories/VMSA-2012-0001.html

https://www.vmware.com/security/advisories/VMSA-2012-0005.html

http://www.vmware.com/security/advisories/VMSA-2012-0007.html

http://www.nessus.org/u?f1d92f8f

http://www.nessus.org/u?e044b71b

Plugin Details

Severity: High

ID: 70881

File Name: vmware_esxi_5_0_build_608089_remote.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 11/13/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.5

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.9

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi:5.0

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/15/2012

Vulnerability Publication Date: 11/5/2009

Exploitable With

CANVAS (White_Phosphorus)

Reference Information

CVE: CVE-2009-3560, CVE-2009-3720, CVE-2010-0405, CVE-2010-1634, CVE-2010-2089, CVE-2011-1521, CVE-2012-1518

BID: 36097, 37203, 40370, 40863, 43331, 47024, 53006

CWE: 119

IAVB: 2010-B-0083

VMSA: 2012-0001, 2012-0005, 2012-0007