Detections
Analytics

ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)

medium Nessus Plugin ID 70886

Language:

Synopsis

The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilities.

Description

The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities :

 - An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution.
 (CVE-2009-5029)

 - An error exists in the glibc library related to modified loaders and 'LD_TRACE_LOADED_OBJECTS' checks that allow arbitrary code execution. This issue is disputed by the creators of glibc. (CVE-2009-5064)

 - An integer signedness error exists in the elf_get_dynamic_info() function in elf/dynamic-link.h that allows arbitrary code execution. (CVE-2010-0830)

 - An error exists in the glibc library in the addmntent() function that allows a corruption of the '/etc/mtab' file. (CVE-2011-1089)

 - An error exists in the libxslt library in the xsltGenerateIdFunction() function that allows the disclosure of sensitive information. (CVE-2011-1202)

 - An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102)

 - An out-of-bounds read error exists in the libxslt library in the xsltCompilePatternInternal() function that allows a denial of service. (CVE-2011-3970)

 - An error exists in the glibc library in the svc_run() function that allows a denial of service.
 (CVE-2011-4609)

 - An overflow error exists in the glibc library in the printf() function related to 'nargs' parsing that allows arbitrary code execution. (CVE-2012-0864)

 - Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807)

 - Multiple type-confusion errors exist in the 'IS_XSLT_ELEM' macro and the xsltApplyTemplates() function that allow a denial of service or the disclosure of sensitive information. (CVE-2012-2825, CVE-2012-2871)

 - A use-after-free error exists in the libxslt library in the xsltGenerateIdFunction() function that allows a denial of service or arbitrary code execution.
 (CVE-2012-2870)

 - Multiple format string error exist in glibc that allow arbitrary code execution. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)

 - Multiple overflow errors exist in the glibc functions strtod(), strtof(), strtold(), and strtod_l() that allow arbitrary code execution. (CVE-2012-3480)

 - A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134)

 - An arbitrary file modification vulnerability due to improper handling of certain Virtual Machine file descriptors. A local attacker can exploit this to read or modify arbitrary files. (CVE-2013-5973)

Solution

Apply patch ESXi510-201304101-SG.

See Also

http://www.nessus.org/u?cdcb8713

https://www.vmware.com/security/advisories/VMSA-2012-0018.html

https://www.vmware.com/security/advisories/VMSA-2013-0014.html

https://www.vmware.com/security/advisories/VMSA-2013-0004.html

https://www.vmware.com/security/advisories/VMSA-2013-0001.html

Plugin Details

Severity: Medium

ID: 70886

File Name: vmware_esxi_5_1_build_1063671_remote.nasl

Version: 1.16

Type: remote

Family: Misc.

Published: 11/13/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi

Required KB Items: Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/25/2013

Vulnerability Publication Date: 6/1/2009

Reference Information

CVE: CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-1202, CVE-2011-3102, CVE-2011-3970, CVE-2011-4609, CVE-2012-0864, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480, CVE-2012-5134, CVE-2013-5973

BID: 40063, 46740, 47668, 50898, 51439, 51911, 52201, 53540, 54203, 54374, 54718, 54982, 55331, 56684, 64075, 64491