This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote host is missing a security-related patch.
The remote VMware ESX host is missing a security-related patch. It is,
therefore, affected by multiple vulnerabilities :
- An out-of-bounds read error exists in the MIT Kerberos
SPNEGO implementation in the get_input_token() function.
A remote attacker can exploit this, via a crafted
length value, to cause a denial of service or to obtain
access to sensitive information. (CVE-2009-0844)
- A NULL pointer dereference flaw exists in MIT Kerberos
in the spnego_gss_accept_sec_context() function when
SPNEGO is used. A remote attacker can exploit this, via
invalid ContextFlags data in the 'reqFlags' field within
a 'negTokenInit' token, to cause a denial of service.
- A flaw exists in the MIT Kerberos ASN.1 GeneralizedTime
decoder in the asn1_decode_generaltime() function. A
remote attacker can exploit this, via vectors involving
invalid DER encoding, to free an uninitialized pointer,
resulting in a denial of service or the execution of
arbitrary code. (CVE-2009-0846)
See also :
Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 3.5 / 4.0.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false