Synopsis
The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilities.
Description
The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities:
- An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029)
- An error exists in the glibc library related to modified loaders and 'LD_TRACE_LOADED_OBJECTS' checks that allows arbitrary code execution. This issue is disputed by the creators of glibc. (CVE-2009-5064)
- An integer signedness error exists in the elf_get_dynamic_info() function in elf/dynamic-link.h that allows arbitrary code execution. (CVE-2010-0830)
- An error exists in the glibc library in the addmntent() function that allows corruption of the '/etc/mtab' file. (CVE-2011-1089)
- An error exists in the libxslt library in the xsltGenerateIdFunction() function that allows the disclosure of sensitive information. (CVE-2011-1202)
- An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102)
- An out-of-bounds read error exists in the libxslt library in the xsltCompilePatternInternal() function that allows a denial of service. (CVE-2011-3970)
- An error exists in the glibc library in the svc_run() function that allows a denial of service. (CVE-2011-4609)
- An overflow error exists in the glibc library in the printf() function related to 'nargs' parsing that allows arbitrary code execution. (CVE-2012-0864)
- Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807)
- Multiple type-confusion errors exist in the 'IS_XSLT_ELEM' macro and the xsltApplyTemplates() function that allow a denial of service or the disclosure of sensitive information. (CVE-2012-2825, CVE-2012-2871)
- A use-after-free error exists in the libxslt library in the xsltGenerateIdFunction() function that allows a denial of service or arbitrary code execution. (CVE-2012-2870)
- Multiple format string errors exist in glibc that allow arbitrary code execution. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)
- Multiple overflow errors exist in the glibc functions strtod(), strtof(), strtold(), and strtod_l() that allow arbitrary code execution. (CVE-2012-3480)
- A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134)
- An arbitrary file modification vulnerability exists due to improper handling of certain Virtual Machine file descriptors. A local attacker can exploit this to read or modify arbitrary files. (CVE-2013-5973)
Solution
Apply patch ESXi510-201304101-SG.
Plugin Details
File Name: vmware_esxi_5_1_build_1063671_remote.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:vmware:esxi
Required KB Items: Host/VMware/version, Host/VMware/release
Exploit Ease: Exploits are available
Patch Publication Date: 4/25/2013
Vulnerability Publication Date: 6/1/2009
Reference Information
CVE: CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-1202, CVE-2011-3102, CVE-2011-3970, CVE-2011-4609, CVE-2012-0864, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480, CVE-2012-5134, CVE-2013-5973
BID: 40063, 46740, 47668, 50898, 51439, 51911, 52201, 53540, 54203, 54374, 54718, 54982, 55331, 56684, 64075, 64491