VMware ESXi 5.0 < Build 3021432 OpenSLP RCE (VMSA-2015-0007)
Critical Nessus Plugin ID 86945
SynopsisThe remote VMware ESXi host is affected by a remote code execution vulnerability.
DescriptionThe remote VMware ESXi host is version 5.0 prior to build 3021432. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.
SolutionApply patch ESXi500-201510101-SG for ESXi 5.0.