ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)

This script is (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi 5.1 host is affected by multiple security
vulnerabilities.

Description :

The remote VMware ESXi 5.1 host is affected by the following security
vulnerabilities :

- An integer overflow condition exists in the glibc
library in the __tzfile_read() function that allows a
denial of service or arbitrary code execution.
(CVE-2009-5029)

- An error exists in the glibc library, related to modified
loaders and 'LD_TRACE_LOADED_OBJECTS' checks, that allows
arbitrary code execution. This issue is disputed by the
creators of glibc. (CVE-2009-5064)

- An integer signedness error exists in the
elf_get_dynamic_info() function in elf/dynamic-link.h
that allows arbitrary code execution. (CVE-2010-0830)

- An error exists in the glibc library in the addmntent()
function that allows a corruption of the '/etc/mtab'
file. (CVE-2011-1089)

- An error exists in the libxslt library in the
xsltGenerateIdFunction() function that allows the
disclosure of sensitive information. (CVE-2011-1202)

- An off-by-one overflow condition exists in the
xmlXPtrEvalXPtrPart() function due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this, via a specially
crafted XML file, to cause a denial of service condition
or the execution of arbitrary code. (CVE-2011-3102)

- An out-of-bounds read error exists in the libxslt
library in the xsltCompilePatternInternal() function
that allows a denial of service. (CVE-2011-3970)

- An error exists in the glibc library in the svc_run()
function that allows a denial of service.
(CVE-2011-4609)

- An overflow error exists in the glibc library in the
printf() function related to 'nargs' parsing that allows
arbitrary code execution. (CVE-2012-0864)

- Multiple integer overflow conditions exist due to
improper validation of user-supplied input when handling
overly long strings. An unauthenticated, remote
attacker can exploit this, via a specially crafted XML
file, to cause a denial of service condition or the
execution of arbitrary code. (CVE-2012-2807)

- Multiple type-confusion errors exist in the
'IS_XSLT_ELEM' macro and the xsltApplyTemplates()
function that allow a denial of service or the
disclosure of sensitive information. (CVE-2012-2825,
CVE-2012-2871)

- A use-after-free error exists in the libxslt library in
the xsltGenerateIdFunction() function that allows a
denial of service or arbitrary code execution.
(CVE-2012-2870)

- Multiple format string errors exist in glibc that allow
arbitrary code execution. (CVE-2012-3404, CVE-2012-3405,
CVE-2012-3406)

- Multiple overflow errors exist in the glibc functions
strtod(), strtof(), strtold(), and strtod_l() that allow
arbitrary code execution. (CVE-2012-3480)

- A heap-based underflow condition exists in the bundled
libxml2 library due to incorrect parsing of strings not
containing an expected space. A remote attacker can
exploit this, via a specially crafted XML document, to
cause a denial of service condition or the execution of
arbitrary code. (CVE-2012-5134)

- An arbitrary file modification vulnerability exists due
to improper handling of certain Virtual Machine file
descriptors. A local attacker can exploit this to read
or modify arbitrary files. (CVE-2013-5973)

See also :

http://kb.vmware.com/kb/2041637
http://www.vmware.com/security/advisories/VMSA-2012-0018.html
http://www.vmware.com/security/advisories/VMSA-2013-0014.html
http://www.vmware.com/security/advisories/VMSA-2013-0004.html
http://www.vmware.com/security/advisories/VMSA-2013-0001.html

Solution :

Apply patch ESXi510-201304101-SG.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false