ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)

medium Nessus Plugin ID 70886

Synopsis

The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilities.

Description

The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities :

- An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution.
(CVE-2009-5029)

- An error exists in the glibc library related to modified loaders and 'LD_TRACE_LOADED_OBJECTS' checks that allow arbitrary code execution. This issue is disputed by the creators of glibc. (CVE-2009-5064)

- An integer signedness error exists in the elf_get_dynamic_info() function in elf/dynamic-link.h that allows arbitrary code execution. (CVE-2010-0830)

- An error exists in the glibc library in the addmntent() function that allows a corruption of the '/etc/mtab' file. (CVE-2011-1089)

- An error exists in the libxslt library in the xsltGenerateIdFunction() function that allows the disclosure of sensitive information. (CVE-2011-1202)

- An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102)

- An out-of-bounds read error exists in the libxslt library in the xsltCompilePatternInternal() function that allows a denial of service. (CVE-2011-3970)

- An error exists in the glibc library in the svc_run() function that allows a denial of service.
(CVE-2011-4609)

- An overflow error exists in the glibc library in the printf() function related to 'nargs' parsing that allows arbitrary code execution. (CVE-2012-0864)

- Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807)

- Multiple type-confusion errors exist in the 'IS_XSLT_ELEM' macro and the xsltApplyTemplates() function that allow a denial of service or the disclosure of sensitive information. (CVE-2012-2825, CVE-2012-2871)

- A use-after-free error exists in the libxslt library in the xsltGenerateIdFunction() function that allows a denial of service or arbitrary code execution.
(CVE-2012-2870)

- Multiple format string error exist in glibc that allow arbitrary code execution. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)

- Multiple overflow errors exist in the glibc functions strtod(), strtof(), strtold(), and strtod_l() that allow arbitrary code execution. (CVE-2012-3480)

- A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134)

- An arbitrary file modification vulnerability due to improper handling of certain Virtual Machine file descriptors. A local attacker can exploit this to read or modify arbitrary files. (CVE-2013-5973)

Solution

Apply patch ESXi510-201304101-SG.

See Also

http://www.nessus.org/u?cdcb8713

https://www.vmware.com/security/advisories/VMSA-2012-0018.html

https://www.vmware.com/security/advisories/VMSA-2013-0014.html

https://www.vmware.com/security/advisories/VMSA-2013-0004.html

https://www.vmware.com/security/advisories/VMSA-2013-0001.html

Plugin Details

Severity: Medium

ID: 70886

File Name: vmware_esxi_5_1_build_1063671_remote.nasl

Version: 1.16

Type: remote

Family: Misc.

Published: 11/13/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/25/2013

Vulnerability Publication Date: 6/1/2009

Reference Information

CVE: CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-1202, CVE-2011-3102, CVE-2011-3970, CVE-2011-4609, CVE-2012-0864, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480, CVE-2012-5134, CVE-2013-5973

BID: 40063, 46740, 47668, 50898, 51439, 51911, 52201, 53540, 54203, 54374, 54718, 54982, 55331, 56684, 64075, 64491