ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)
medium Nessus Plugin ID 79862
Language:
Synopsis
The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.Description
The remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries :- Multiple vulnerabilities exist in the bundled Python library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-1752, CVE-2013-4238)
- Multiple vulnerabilities exist in the bundled GNU C Library (glibc). (CVE-2013-0242, CVE-2013-1914, CVE-2013-4332)
- Multiple vulnerabilities exist in the bundled XML Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191)
- Multiple vulnerabilities exist in the bundled cURL library (libcurl). (CVE-2014-0015, CVE-2014-0138)
Solution
Apply patch ESXi510-201412101-SG for ESXi 5.1.See Also
http://www.nessus.org/u?5994bfcf
https://www.vmware.com/security/advisories/VMSA-2014-0008.html
https://www.vmware.com/security/advisories/VMSA-2014-0012.html
Plugin Details
Severity: Medium
ID: 79862
File Name: vmware_esxi_5_1_build_2323236_remote.nasl
Version: 1.14
Type: remote
Family: Misc.
Published: 12/12/2014
Updated: 9/24/2019
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 4.7
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Temporal Vector: E:U/RL:OF/RC:C
Vulnerability Information
CPE: cpe:/o:vmware:esxi
Required KB Items: Host/VMware/version, Host/VMware/release
Exploit Ease: No known exploits are available
Patch Publication Date: 12/4/2014
Vulnerability Publication Date: 8/31/2011
Reference Information
CVE: CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-0242, CVE-2013-1752, CVE-2013-1914, CVE-2013-2877, CVE-2013-4238, CVE-2013-4332, CVE-2014-0015, CVE-2014-0138, CVE-2014-0191
BID: 49778, 51239, 51996, 52379, 57638, 58839, 61050, 61738, 62324, 63804, 65270, 66457, 67233