Synopsis
The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.

Description
The remote VMware ESXi 5.1 host is affected by the following vulnerabilities:
- A denial of service vulnerability exists in the bundled OpenSSL library that is triggered when handling OCSP response verification. A remote attacker can exploit this to crash the program. (CVE-2013-0166)
- An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker can obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169)
- An error exists in the libxml2 library related to the expansion of XML internal entities that could allow denial of service attacks. (CVE-2013-0338)
- A NULL pointer dereference flaw exists in the handling of Network File Copy (NFC) traffic. An attacker can exploit this by intercepting and modifying NFC traffic to cause a denial of service condition. (CVE-2014-1207)
- A denial of service vulnerability exists in the handling of invalid ports that could allow a guest user to crash the VMX process. (CVE-2014-1208)

Solution
Apply patch ESXi510-201401101-SG.