VMware ESXi 5.1 < Build 3021178 OpenSLP RCE (VMSA-2015-0007)

Critical Nessus Plugin ID 86946

Synopsis

The remote VMware ESXi host is affected by a remote code execution vulnerability.

Description

The remote VMware ESXi host is version 5.1 prior to build 3021178. It is, therefore, affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.

Solution

Apply patch ESXi510-201510101-SG for ESXi 5.1.

See Also

https://www.vmware.com/security/advisories/VMSA-2015-0007

http://www.zerodayinitiative.com/advisories/ZDI-15-455/

Plugin Details

Severity: Critical

ID: 86946

File Name: vmware_esxi_5_1_build_3021178_remote.nasl

Version: $Revision: 1.4 $

Type: remote

Family: Misc.

Published: 2015/11/19

Modified: 2015/12/18

Dependencies: 57396

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:UR

Vulnerability Information

CPE: cpe:/o:vmware:esxi

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/10/01

Vulnerability Publication Date: 2015/08/06

Reference Information

CVE: CVE-2015-5177

BID: 76635

OSVDB: 126300

VMSA: 2015-0007

ZDI: ZDI-15-455