Detections
Analytics
VMware ESXi Multiple DoS (VMSA-2014-0008)
medium Nessus Plugin ID 87679
Language:
Synopsis
The remote VMware ESXi host is missing a security-related patch.Description
The remote ESXi host is affected by multiple denial of service vulnerabilities in the glibc library :- A buffer overflow condition exists in the extend_buffers() function in file posix/regexec.c due to improper validation of user-supplied input when handling multibyte characters in a regular expression. An unauthenticated, remote attacker can exploit this, via a crafted regular expression, to corrupt the memory, resulting in a denial of service. (CVE-2013-0242)
- A stack-based buffer overflow condition exists in the getaddrinfo() function in file posix/getaddrinfo.c due to improper validation of user-supplied input during the handling of domain conversion results. An unauthenticated, remote attacker can exploit this to cause a denial of service by using a crafted host name or IP address that triggers a large number of domain conversion results. (CVE-2013-1914)
Solution
Apply the appropriate patch according to the vendor advisory that pertains to ESXi version 5.0 / 5.1 / 5.5.See Also
https://www.vmware.com/security/advisories/VMSA-2014-0008
http://lists.vmware.com/pipermail/security-announce/2014/000282.html
Plugin Details
Severity: Medium
ID: 87679
File Name: vmware_VMSA-2014-0008_remote.nasl
Version: 1.7
Type: remote
Family: Misc.
Published: 12/30/2015
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/o:vmware:esxi:5.0, cpe:/o:vmware:esxi:5.1, cpe:/o:vmware:esxi:5.5
Required KB Items: Host/VMware/release, Host/VMware/version
Exploit Ease: No known exploits are available
Patch Publication Date: 12/4/2014
Vulnerability Publication Date: 1/29/2013
Reference Information
CVE: CVE-2013-0242, CVE-2013-1914
VMSA: 2014-0008