VMSA-2015-0007 : VMware vCenter and ESXi updates address critical security issues

Critical Nessus Plugin ID 86254


The remote VMware ESXi host is missing a security-related patch.


The remote VMware ESXi host is affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.


Apply the missing patch.

See Also


Plugin Details

Severity: Critical

ID: 86254

File Name: vmware_VMSA-2015-0007.nasl

Version: $Revision: 1.26 $

Type: local

Published: 2015/10/03

Modified: 2018/01/29

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 7.5

Temporal Score: 6.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/o:vmware:esxi:5.0, cpe:/o:vmware:esxi:5.1, cpe:/o:vmware:esxi:5.5

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/10/01

Exploitable With

Core Impact

Metasploit (Java JMX Server Insecure Configuration Java Code Execution)

Reference Information

CVE: CVE-2015-1047, CVE-2015-2342, CVE-2015-5177

OSVDB: 126300, 128332, 128333

VMSA: 2015-0007

IAVB: 2015-B-0120, 2015-B-0121, 2015-B-0122