ESXi 5.0 / 5.1 / 5.5 / 6.0 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi host is affected by multiple vulnerabilities.

Description :

The remote VMware ESXi host is version 5.0, 5.1, 5.5, or 6.0 and is
missing a security patch. It is, therefore, affected by multiple
vulnerabilities :

- An arbitrary code execution vulnerability exists in the
Shared Folders (HGFS) feature due to improper loading of
Dynamic-link library (DLL) files from insecure paths,
including the current working directory, which may not
be under user control. A remote attacker can exploit
this vulnerability, by placing a malicious DLL in the
path or by convincing a user to open a file on a
network share, to inject and execute arbitrary code in
the context of the current user. (CVE-2016-5330)

- An HTTP header injection vulnerability exists due to
improper sanitization of user-supplied input. A remote
attacker can exploit this to inject arbitrary HTTP
headers and conduct HTTP response splitting attacks.
(CVE-2016-5331)

See also :

http://www.vmware.com/security/advisories/VMSA-2016-0010.html
http://kb.vmware.com/kb/2142193
http://kb.vmware.com/kb/2143976
http://kb.vmware.com/kb/2141429
http://kb.vmware.com/kb/2144359

Solution :

Apply the appropriate patch as referenced in the vendor advisory.

Note that VMware Tools on Windows-based guests that use the Shared
Folders (HGFS) feature must also be updated to completely mitigate
CVE-2016-5330.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 92949

Bugtraq ID: 92323
92324

CVE ID: CVE-2016-5330
CVE-2016-5331
