This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote VMware ESX / ESXi host is missing a security-related patch.
The remote VMware ESX / ESXi host is affected by multiple
- Multiple integer overflow conditions exist in the glibc
package in file malloc/malloc.c. An unauthenticated,
remote attacker can exploit these to cause heap memory
corruption by passing large values to the pvalloc(),
valloc(), posix_memalign(), memalign(), or
aligned_alloc() functions, resulting in a denial of
- A distributed denial of service (DDoS) vulnerability
exists in the NTP daemon due to improper handling of the
'monlist' command. A remote attacker can exploit this,
via a forged request to an affected NTP server, to cause
an amplified response to the intended target of the DDoS
See also :
Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 4.0 / 4.1 and ESXi version 4.0 / 4.1 / 5.0 /
5.1 / 5.5.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true