ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)

Medium Nessus Plugin ID 70886

Synopsis

The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilities.

Description

The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities:

- An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029)

- An error exists in the glibc library related to modified loaders and 'LD_TRACE_LOADED_OBJECTS' checks that allows arbitrary code execution. This issue is disputed by the creators of glibc. (CVE-2009-5064)

- An integer signedness error exists in the elf_get_dynamic_info() function in elf/dynamic-link.h that allows arbitrary code execution. (CVE-2010-0830)

- An error exists in the glibc library in the addmntent() function that allows a corruption of the '/etc/mtab' file. (CVE-2011-1089)

- An error exists in the libxslt library in the xsltGenerateIdFunction() function that allows the disclosure of sensitive information. (CVE-2011-1202)

- An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102)

- An out-of-bounds read error exists in the libxslt library in the xsltCompilePatternInternal() function that allows a denial of service. (CVE-2011-3970)

- An error exists in the glibc library in the svc_run() function that allows a denial of service. (CVE-2011-4609)

- An overflow error exists in the glibc library in the printf() function related to 'nargs' parsing that allows arbitrary code execution. (CVE-2012-0864)

- Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807)

- Multiple type-confusion errors exist in the 'IS_XSLT_ELEM' macro and the xsltApplyTemplates() function that allow a denial of service or the disclosure of sensitive information. (CVE-2012-2825, CVE-2012-2871)

- A use-after-free error exists in the libxslt library in the xsltGenerateIdFunction() function that allows a denial of service or arbitrary code execution. (CVE-2012-2870)

- Multiple format string errors exist in glibc that allow arbitrary code execution. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)

- Multiple overflow errors exist in the glibc functions strtod(), strtof(), strtold(), and strtod_l() that allow arbitrary code execution. (CVE-2012-3480)

- A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134)

- An arbitrary file modification vulnerability exists due to improper handling of certain Virtual Machine file descriptors. A local attacker can exploit this to read or modify arbitrary files. (CVE-2013-5973)

Solution

Apply patch ESXi510-201304101-SG.

See Also

http://www.nessus.org/u?cdcb8713

https://www.vmware.com/security/advisories/VMSA-2012-0018.html

https://www.vmware.com/security/advisories/VMSA-2013-0014.html

https://www.vmware.com/security/advisories/VMSA-2013-0004.html

https://www.vmware.com/security/advisories/VMSA-2013-0001.html

Plugin Details

Severity: Medium

ID: 70886

File Name: vmware_esxi_5_1_build_1063671_remote.nasl

Version: 1.16

Type: remote

Family: Misc.

Published: 2013/11/13

Updated: 2018/11/15

Dependencies: 57396

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/04/25

Vulnerability Publication Date: 2009/06/01

Reference Information

CVE: CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-1202, CVE-2011-3102, CVE-2011-3970, CVE-2011-4609, CVE-2012-0864, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480, CVE-2012-5134, CVE-2013-5973

BID: 40063, 46740, 47668, 50898, 51439, 51911, 52201, 53540, 54203, 54374, 54718, 54982, 55331, 56684, 64075, 64491