VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)

Medium Nessus Plugin ID 87678

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 8.5

Synopsis

The remote VMware ESXi host is missing a security-related patch.

Description

The remote VMware ESXi host is affected by multiple vulnerabilities in the OpenSSL third-party library :

- A use-after-free error exists in the ssl3_read_bytes() function in file ssl/s3_pkt.c that is triggered when a second read is done to the function by multiple threads when SSL_MODE_RELEASE_BUFFERS is enabled. A man-in-the-middle attacker can exploit this to dereference already freed memory and inject arbitrary data into the SSL stream. (CVE-2010-5298)

- A NULL pointer dereference flaw exists in the do_ssl3_write() function in file ssl/s3_pkt.c due to a failure to properly manage a buffer pointer during certain recursive calls when SSL_MODE_RELEASE_BUFFERS is enabled. A remote attacker can exploit this, by triggering an alert condition, to cause a denial of service. (CVE-2014-0198)

- A flaw exists due to a failure to properly restrict processing of ChangeCipherSpec messages. A man-in-the-middle attacker can exploit this, via a crafted TLS handshake, to force the use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, resulting in the session being hijacked and sensitive information being disclosed. (CVE-2014-0224)

- A NULL pointer dereference flaw exists in the ssl3_send_client_key_exchange() function in file s3_clnt.c, when an anonymous ECDH cipher suite is used, that allows a remote attacker to cause a denial of service. (CVE-2014-3470)

Solution

Apply the appropriate patch according to the vendor advisory that pertains to ESXi version 5.0 / 5.1 / 5.5.

See Also

https://www.vmware.com/security/advisories/VMSA-2014-0006

http://lists.vmware.com/pipermail/security-announce/2014/000276.html

Plugin Details

Severity: Medium

ID: 87678

File Name: vmware_VMSA-2014-0006_remote.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 2015/12/30

Updated: 2019/11/20

Dependencies: 57396

Risk Information

Risk Factor: Medium

VPR Score: 8.5

CVSS Score Source: CVE-2014-0224

CVSS v2.0

Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esxi:5.0, cpe:/o:vmware:esxi:5.1, cpe:/o:vmware:esxi:5.5

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/10/09

Vulnerability Publication Date: 2014/04/11

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-5298, CVE-2014-0198, CVE-2014-0224, CVE-2014-3470

BID: 66801, 67193, 67898, 67899

VMSA: 2014-0006

CERT: 978508