Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.10.9)

critical Nessus Plugin ID 164581

Synopsis

The Nutanix AOS host is affected by multiple vulnerabilities .

Description

The version of AOS installed on the remote host is prior to 5.10.9. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.10.9 advisory.

- Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. (CVE-2019-1010238)

- curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) (CVE-2018-14618)

- An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). (CVE-2018-14598)

- An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. (CVE-2018-14599)

- An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. (CVE-2018-14600)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the Nutanix AOS software to the recommended version. Before upgrading: if this cluster is registered with Prism Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product Interoperability page on the Nutanix portal.

See Also

http://www.nessus.org/u?a252356e

Plugin Details

Severity: Critical

ID: 164581

File Name: nutanix_NXSA-AOS-5_10_9.nasl

Version: 1.22

Type: local

Family: Misc.

Published: 9/1/2022

Updated: 7/22/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-14618

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2019-1010238

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 9.3

Threat Vector: CVSS:4.0/E:A

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2018-20060

Vulnerability Information

CPE: cpe:/o:nutanix:aos

Required KB Items: Host/Nutanix/Data/lts, Host/Nutanix/Data/Service, Host/Nutanix/Data/Version, Host/Nutanix/Data/arch

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/26/2022

Vulnerability Publication Date: 3/21/2016

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2016-10739, CVE-2016-10745, CVE-2016-3186, CVE-2016-3616, CVE-2018-0495, CVE-2018-0734, CVE-2018-1000876, CVE-2018-10689, CVE-2018-10779, CVE-2018-10963, CVE-2018-11212, CVE-2018-11213, CVE-2018-11214, CVE-2018-1122, CVE-2018-11813, CVE-2018-12327, CVE-2018-12404, CVE-2018-12641, CVE-2018-12697, CVE-2018-12900, CVE-2018-14348, CVE-2018-14498, CVE-2018-14598, CVE-2018-14599, CVE-2018-14600, CVE-2018-14618, CVE-2018-14647, CVE-2018-15473, CVE-2018-15686, CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-16842, CVE-2018-16866, CVE-2018-16888, CVE-2018-17100, CVE-2018-17101, CVE-2018-18074, CVE-2018-18310, CVE-2018-18384, CVE-2018-18520, CVE-2018-18521, CVE-2018-18557, CVE-2018-18584, CVE-2018-18585, CVE-2018-18661, CVE-2018-19788, CVE-2018-20060, CVE-2018-3058, CVE-2018-3063, CVE-2018-3066, CVE-2018-3081, CVE-2018-3282, CVE-2018-5741, CVE-2018-7456, CVE-2018-8905, CVE-2019-0217, CVE-2019-0220, CVE-2019-1010238, CVE-2019-11236, CVE-2019-12735, CVE-2019-1559, CVE-2019-2503, CVE-2019-2529, CVE-2019-2614, CVE-2019-2627, CVE-2019-3858, CVE-2019-3861, CVE-2019-5010, CVE-2019-6470, CVE-2019-7149, CVE-2019-7150, CVE-2019-7664, CVE-2019-7665, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948