Detections
Analytics

ESXi 5.1 < Build 911593 Multiple Vulnerabilities (remote check)

high Nessus Plugin ID 70888

Language:

Synopsis

The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilities.

Description

The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities :

 - An input validation error exists in the function 'png_set_text_2' in the libpng library that could allow memory corruption and arbitrary code execution.
 (CVE-2011-3048)

 - A privilege escalation vulnerability exists in the Virtual Machine Communication Interface (VMCI). A local attacker can exploit this, via control code, to change allocated memory, resulting in the escalation of privileges. (CVE-2013-1406)

 - An error exists related to Network File Copy (NFC) handling that could allow denial of service attacks or arbitrary code execution. (CVE-2013-1659)

Solution

Apply ESXi510-201212001-SG.

See Also

http://www.nessus.org/u?7be12280

http://www.vmware.com/security/advisories/VMSA-2013-0002.html

https://www.vmware.com/security/advisories/VMSA-2013-0003.html

Plugin Details

Severity: High

ID: 70888

File Name: vmware_esxi_5_1_build_911593_remote.nasl

Version: 1.11

Type: remote

Family: Misc.

Published: 11/13/2013

Updated: 9/24/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi:5.1

Required KB Items: Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/20/2012

Vulnerability Publication Date: 3/29/2012

Exploitable With

Core Impact

Reference Information

CVE: CVE-2011-3048, CVE-2013-1406, CVE-2013-1659

BID: 52830, 57867, 58115