ESXi 5.0 / 5.1 / 5.5 / 6.0 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)

high Nessus Plugin ID 92949

Synopsis

The remote VMware ESXi host is affected by multiple vulnerabilities.

Description

The remote VMware ESXi host is version 5.0, 5.1, 5.5, or 6.0 and is missing a security patch. It is, therefore, affected by multiple vulnerabilities:

- An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of dynamic-link library (DLL) files from insecure paths, including the current working directory, which may not be under user control. A remote attacker can exploit this vulnerability, by placing a malicious DLL in the path or by convincing a user to open a file on a network share, to inject and execute arbitrary code in the context of the current user. (CVE-2016-5330)

- An HTTP header injection vulnerability exists due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. (CVE-2016-5331)

Solution

Apply the appropriate patch as referenced in the vendor advisory.

Note that VMware Tools on Windows-based guests that use the Shared Folders (HGFS) feature must also be updated to completely mitigate CVE-2016-5330.

See Also

http://www.vmware.com/security/advisories/VMSA-2016-0010.html

http://kb.vmware.com/kb/2142193

http://kb.vmware.com/kb/2143976

http://kb.vmware.com/kb/2141429

http://kb.vmware.com/kb/2144359

Plugin Details

Severity: High

ID: 92949

File Name: vmware_VMSA-2016-0010_remote.nasl

Version: 1.11

Type: remote

Family: Misc.

Published: 8/12/2016

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-5330

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi

Required KB Items: Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/15/2016

Vulnerability Publication Date: 3/15/2016

Exploitable With

Metasploit (DLL Side Loading Vulnerability in VMware Host Guest Client Redirector)

Reference Information

CVE: CVE-2016-5330, CVE-2016-5331

BID: 92323, 92324

VMSA: 2016-0010