VMware ESX / ESXi libxml2 Multiple Vulnerabilities (VMSA-2012-0012) (remote check)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESX / ESXi host is missing a security-related patch.

Description :

The remote VMware ESX / ESXi host is affected by multiple
vulnerabilities :

- Multiple remote code execution vulnerabilities exist in
the bundled libxml2 library in the
xmlXPathNextPrecedingSibling(), xmlNodePtr(), and
xmlXPathNextPrecedingInternal() functions due to
improper processing of namespace and attribute nodes.
A remote attacker can exploit these, via a specially
crafted XML file, to cause a denial of service condition
or the execution of arbitrary code. (CVE-2010-4008)

- Multiple remote code execution vulnerabilities exist in
the bundled libxml2 library in the
xmlCharEncFirstLineInt() and xmlCharEncInFunc()
functions due to an off-by-one overflow condition. A
remote attacker can exploit these, via a specially
crafted XML file, to cause a denial of service condition
or the execution of arbitrary code. (CVE-2011-0216)

- A remote code execution vulnerability exists in the
bundled libxml2 library due to improper sanitization of
user-supplied input when processing an XPath nodeset. A
remote attacker can exploit this, via a specially
crafted request, to cause a heap-based buffer overflow,
resulting in a denial of service condition or the
execution of arbitrary code. (CVE-2011-1944)

- A remote code execution vulnerability exists in the
bundled libxml2 library in the xmlXPathCompOpEval()
function due to improper processing of invalid XPath
expressions. A remote attacker can exploit this, via a
specially crafted XSLT stylesheet, to cause a denial of
service condition or the execution of arbitrary code.
(CVE-2011-2834)

- A denial of service vulnerability exists in the bundled
libxml2 library due to multiple out-of-bounds read
errors in parser.c that occur when getting a Stop order.
A remote attacker can exploit this, via a specially
crafted XML document, to cause a denial of service
condition. (CVE-2011-3905)

- A remote code execution vulnerability exists in the
bundled libxml2 library in the
xmlStringLenDecodeEntities() function in parser.c due
to an overflow condition that occurs when copying
entities. A remote attacker can exploit this, via a
specially crafted request, to cause a heap-based buffer
overflow, resulting in a denial of service condition or
the execution of arbitrary code. (CVE-2011-3919)

- A denial of service vulnerability exists in the bundled
libxml2 library due to improper processing of crafted
parameters. A remote attacker can exploit this to cause
a hash collision, resulting in a denial of service
condition. (CVE-2012-0841)

See also :

http://www.vmware.com/security/advisories/VMSA-2012-0012.html

Solution :

Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 5.0 or ESXi version 4.0 / 4.1.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
