SynopsisThe remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.
DescriptionThe remote VMware ESXi host is version 5.1 prior to build 1743201. It is, therefore, affected by multiple vulnerabilities :
- A flaw exists in the monlist feature in NTP. A remote attacker can exploit this flaw, using a specially crafted packet to load the query function in monlist, to conduct a distributed denial of service attack.
- An unspecified privilege escalation vulnerability exists that allows an attacker to gain host OS privileges or cause a denial of service condition by modifying a configuration file. (CVE-2014-8370)
- A flaw exists in the VMware Authorization process (vmware-authd) due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1044)
SolutionApply patch ESXi510-201404001 for ESXi 5.1.