VMware ESXi Multiple Vulnerabilities (VMSA-2014-0012)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi host is missing a security-related patch.

Description :

The remote VMware ESXi host is affected by multiple vulnerabilities :

- Multiple denial of service vulnerabilities exist in the
Python function _read_status() in the httplib library and
in the readline() function in the smtplib, ftplib,
nntplib, imaplib, and poplib libraries. A remote attacker
can exploit these vulnerabilities to crash the module.
(CVE-2013-1752)

- An out-of-bounds read error exists in file parser.c in
library libxml2 due to a failure to properly check the
XML_PARSER_EOF state. An unauthenticated, remote
attacker can exploit this, via a crafted document that
abruptly ends, to cause a denial of service.
(CVE-2013-2877)

- A spoofing vulnerability exists in the Python SSL module
in the ssl.match_hostname() function due to improper
handling of the NULL character ('\0') in a domain name
in the Subject Alternative Name field of an X.509
certificate. A man-in-the-middle attacker can exploit
this, via a crafted certificate issued by a legitimate
certification authority, to spoof arbitrary SSL servers.
(CVE-2013-4238)

- cURL and libcurl are affected by a flaw related to the
re-use of NTLM connections whenever more than one
authentication method is enabled. An unauthenticated,
remote attacker can exploit this, via a crafted request,
to connect and impersonate other users. (CVE-2014-0015)

- The default configuration in cURL and libcurl reuses the
SCP, SFTP, POP3, POP3S, IMAP, IMAPS, SMTP, SMTPS, LDAP,
and LDAPS connections. An unauthenticated, remote
attacker can exploit this, via a crafted request, to
connect and impersonate other users. (CVE-2014-0138)

- A flaw exists in the xmlParserHandlePEReference()
function in file parser.c in libxml2 due to loading
external entities regardless of entity substitution or
validation being enabled. An unauthenticated, remote
attacker can exploit this, via a crafted XML document,
to exhaust resources, resulting in a denial of service.
(CVE-2014-0191)
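
The NUL-character hostname issue in the CVE-2013-4238 item above, as an added Python example that is not part of the plugin or of CPython: a strict check that rejects any SAN dNSName containing a NUL byte, next to a model of a comparison that stops reading at the first NUL. The function names, the truncation model and the sample SAN values are assumptions constructed for this illustration.

```python
# Added illustration of the CVE-2013-4238 bug class. All names and sample data
# are constructed; this is not CPython's code.

def truncating_view(raw: bytes) -> str:
    """Model a C-string style read: bytes after the first NUL are lost."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace").lower()

def safe_dns_names(raw_names):
    """Decode SAN dNSName entries, rejecting any that is not plain ASCII text.

    Raises ValueError for an embedded NUL. bytes.decode("ascii") raises
    UnicodeDecodeError, a ValueError subclass, for non-ASCII bytes.
    """
    names = []
    for raw in raw_names:
        if b"\x00" in raw:
            raise ValueError("NUL byte in dNSName: %r" % (raw,))
        names.append(raw.decode("ascii").lower())
    return names

def hostname_matches(hostname: str, raw_names) -> bool:
    """Exact match against validated names (wildcard handling omitted)."""
    return hostname.lower() in safe_dns_names(raw_names)

def audit(hostname: str, raw_names) -> dict:
    """Compare what the truncating model accepts with the strict check."""
    naive = any(truncating_view(r) == hostname.lower() for r in raw_names)
    try:
        strict, reason = hostname_matches(hostname, raw_names), "ok"
    except ValueError as exc:
        strict, reason = False, str(exc)
    return {"naive": naive, "strict": strict, "reason": reason}

# Constructed sample SAN lists (raw dNSName bytes as they sit in a certificate).
CRAFTED_SAN = [b"www.example.com\x00.example.net"]
CLEAN_SAN = [b"www.example.com", b"example.com"]

if __name__ == "__main__":
    for label, san in (("crafted", CRAFTED_SAN), ("clean", CLEAN_SAN)):
        print(label, audit("www.example.com", san))
```

A result where the truncating model accepts a name that the strict check refuses is the condition the advisory describes, and the certificate should be rejected outright rather than matched on its prefix.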

See also :

https://www.vmware.com/security/advisories/VMSA-2014-0012
http://lists.vmware.com/pipermail/security-announce/2015/000287.html

Solution :

Apply the appropriate patch according to the vendor advisory that
pertains to ESXi version 5.0 / 5.1 / 5.5.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
