Detections
Analytics

ESXi 5.1 < Build 1483097 Multiple Vulnerabilities (remote check)

low Nessus Plugin ID 72037

Language:

Synopsis

The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.

Description

The remote VMware ESXi 5.1 host is affected by the following vulnerabilities :

 - A denial of service vulnerability exists in the bundled OpenSSL library that is triggered when handling OCSP response verification. A remote attacker can exploit this to crash the program. (CVE-2013-0166)

 - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker can obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)

 - An error exists in the libxml2 library related to the expansion of XML internal entities that could allow denial of service attacks. (CVE-2013-0338)

 - A NULL pointer dereference flaw exists in the handling of Network File Copy (NFC) traffic. An attacker can exploit this by intercepting and modifying NFC traffic, to cause a denial of service condition. (CVE-2014-1207)

 - A denial of service vulnerability exists in the handling of invalid ports that could allow a guest user to crash the VMX process. (CVE-2014-1208)

Solution

Apply patch ESXi510-201401101-SG.

See Also

http://www.nessus.org/u?a47445a3

https://www.vmware.com/security/advisories/VMSA-2013-0009.html

https://www.vmware.com/security/advisories/VMSA-2014-0001.html

Plugin Details

Severity: Low

ID: 72037

File Name: vmware_esxi_5_1_build_1483097_remote.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 1/20/2014

Updated: 12/5/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2013-0169

Vulnerability Information

CPE: cpe:/o:vmware:esxi:5.1

Required KB Items: Host/VMware/release, Host/VMware/version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/16/2014

Vulnerability Publication Date: 1/16/2014

Reference Information

CVE: CVE-2013-0166, CVE-2013-0169, CVE-2013-0338, CVE-2014-1207, CVE-2014-1208

BID: 57778, 58180, 60268, 64994, 64995