This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

The remote Mac OS X host has an application installed that is affected
by multiple vulnerabilities.

The version of VMware OVF (Open Virtualization Format) Tool installed
on the remote Mac OS X host is version 3.x prior to 3.5.2. It is,
therefore, affected by multiple vulnerabilities in the bundled version
of OpenSSL :

- An error exists in the 'ssl3_read_bytes' function
  that permits data to be injected into other sessions
  or allows denial of service attacks. Note that this
  issue is exploitable only if SSL_MODE_RELEASE_BUFFERS
  is enabled. (CVE-2010-5298)

- An error exists in the 'do_ssl3_write' function that
  permits a NULL pointer to be dereferenced, which could
  allow denial of service attacks. Note that this issue
  is exploitable only if SSL_MODE_RELEASE_BUFFERS is

- An error exists in the processing of ChangeCipherSpec
  messages that allows the usage of weak keying material.
  This permits simplified man-in-the-middle attacks to be

- An error exists in the 'dtls1_get_message_fragment'
  function related to anonymous ECDH cipher suites. This
  could allow denial of service attacks. Note that this
  issue only affects OpenSSL TLS clients. (CVE-2014-3470)

Upgrade to VMware OVF Tool 3.5.2 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true