ESXi 5.0 < Build 764879 Multiple Vulnerabilities (remote check)

high Nessus Plugin ID 70884

Language:

Synopsis

The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilities.

Description

The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities :

 - Errors exist in the Libxml2 library functions 'xmlXPathNextPrecedingSibling', 'xmlNodePtr' and 'xmlXPathNextPrecedingInternal' that could allow denial of service attacks or arbitrary code execution.
 (CVE-2010-4008)

 - Buffer overflow errors exist in the libxml2 library functions 'xmlCharEncFirstLineInt' and 'xmlCharEncInFunc' that could allow denial of service attacks or arbitrary code execution. (CVE-2011-0216)

 - A buffer overflow error exists in the libxml2 library file 'xpath.c' related to handling 'XPath' nodesets that could allow denial of service attacks or arbitrary code execution. (CVE-2011-1944)

 - A double-free error exists in the libxml2 library function 'xmlXPathCompOpEval' related to handling invalid 'XPath' expressions that could allow denial of service attacks or arbitrary code execution.
 (CVE-2011-2834)

 - An out-of-bounds read error exists in the libxml2 library file 'parser.c' related to handling 'Stop' orders that could allow denial of service attacks.
 (CVE-2011-3905)

 - A buffer overflow error exists in the libxml2 library function 'xmlStringLenDecodeEntities' related to copying entities that could allow denial of service attacks or arbitrary code execution. (CVE-2011-3919)

 - An error exists in the libxml2 library related to hash collisions that could allow denial of service attacks.
 (CVE-2012-0841)

Solution

Apply patch ESXi500-201207101-SG.

See Also

http://www.nessus.org/u?3fd0011c

http://www.vmware.com/security/advisories/VMSA-2012-0012.html

Plugin Details

Severity: High

ID: 70884

File Name: vmware_esxi_5_0_build_764879_remote.nasl

Version: 1.9

Type: remote

Family: Misc.

Published: 11/13/2013

Updated: 8/6/2018

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi:5.0

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/12/2012

Vulnerability Publication Date: 10/15/2010

Reference Information

CVE: CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919, CVE-2012-0841

BID: 44779, 48056, 48832, 49658, 51084, 51300, 52107

VMSA: 2012-0012