ESXi 5.0 < Build 608089 Multiple Vulnerabilities (remote check)

high Nessus Plugin ID 70881

Synopsis

The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.

Description

The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities:

- A denial of service vulnerability exists in the big2_toUtf8() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application. (CVE-2009-3560)

- A denial of service vulnerability exists in the updatePosition() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application. (CVE-2009-3720)

- An integer overflow condition exists in the BZ2_decompress() function in file decompress.c in the bzip2 and libbzip2 library. A remote attacker can exploit this, via a crafted compressed file, to cause a denial of service or the execution of arbitrary code. (CVE-2010-0405)

- A denial of service vulnerability exists in the audioop module due to multiple integer overflow conditions in file audioop.c. A remote attacker can exploit this, via a large fragment or argument, to cause a buffer overflow, resulting in an application crash. (CVE-2010-1634)

- A denial of service vulnerability exists in the audioop module due to a failure to verify the relationships between size arguments and byte string length. A remote attacker can exploit this, via crafted arguments, to cause memory corruption, resulting in an application crash. (CVE-2010-2089)

- A flaw exists in the urllib and urllib2 modules due to processing Location headers that specify redirection to a file. A remote attacker can exploit this, via a crafted URL, to gain sensitive information or cause a denial of service. (CVE-2011-1521)

- A privilege escalation vulnerability exists due to an incorrect ACL being used for the VMware Tools folder. An attacker on an adjacent network with access to a guest operating system can exploit this to gain elevated privileges on the guest operating system. (CVE-2012-1518)

Solution

Apply patches ESXi500-201203102-SG and ESXi500-201203101-SG according to the vendor advisory.

See Also

http://www.nessus.org/u?5e527c97

https://www.vmware.com/security/advisories/VMSA-2012-0001.html

https://www.vmware.com/security/advisories/VMSA-2012-0005.html

http://www.vmware.com/security/advisories/VMSA-2012-0007.html

http://www.nessus.org/u?f1d92f8f

http://www.nessus.org/u?e044b71b

Plugin Details

Severity: High

ID: 70881

File Name: vmware_esxi_5_0_build_608089_remote.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 11/13/2013

Updated: 11/15/2018

Dependencies: vmware_vsphere_detect.nbin

Risk Information

VPR

Risk Factor: High

Score: 7.5

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.9

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi:5.0

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/15/2012

Vulnerability Publication Date: 11/5/2009

Exploitable With

CANVAS (White_Phosphorus)

Reference Information

CVE: CVE-2009-3560, CVE-2009-3720, CVE-2010-0405, CVE-2010-1634, CVE-2010-2089, CVE-2011-1521, CVE-2012-1518

BID: 36097, 37203, 40370, 40863, 43331, 47024, 53006

VMSA: 2012-0001, 2012-0005, 2012-0007

IAVB: 2010-B-0083

EDB-ID: 34145

CWE: 119