VMware vSphere Replication Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has a virtualization appliance installed that is
affected by multiple OpenSSL vulnerabilities.

Description :

The VMware vSphere Replication installed on the remote host is version
5.5.x prior to 5.5.1.1, or else it is version 5.6.x. It is, therefore,
affected by the following OpenSSL related vulnerabilities :

- An error exists in the function 'ssl3_read_bytes' that
could allow data to be injected into other sessions or
allow denial of service attacks. Note that this issue
is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is
enabled. (CVE-2010-5298)

- An error exists in the function 'do_ssl3_write' that
could allow a NULL pointer to be dereferenced leading to
denial of service attacks. Note that this issue is
exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is
enabled. (CVE-2014-0198)

- An unspecified error exists that could allow an attacker
to cause usage of weak keying material leading to
simplified man-in-the-middle attacks. (CVE-2014-0224)

- An unspecified error exists related to anonymous ECDH
cipher suites that could allow denial of service
attacks. Note that this issue only affects OpenSSL TLS
clients. (CVE-2014-3470)

See also :

http://www.vmware.com/security/advisories/VMSA-2014-0006.html

Solution :

Upgrade to vSphere Replication 5.5.1.1 / 5.8 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 78024 ()

Bugtraq ID: 66801
67193
67898
67899

CVE ID: CVE-2010-5298
CVE-2014-0198
CVE-2014-0224
CVE-2014-3470

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now