Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.VMWARE_VMSA-2014-0002_REMOTE.NASL
HistoryDec 30, 2015 - 12:00 a.m.

VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2014-0002)

2015-12-3000:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
150
JSON

The remote VMware ESX / ESXi host is affected by multiple vulnerabilities :

  • Multiple integer overflow conditions exist in the glibc package in file malloc/malloc.c. An unauthenticated, remote attacker can exploit these to cause heap memory corruption by passing large values to the pvalloc(), valloc(), posix_memalign(), memalign(), or aligned_alloc() functions, resulting in a denial of service. (CVE-2013-4332)

  • A distributed denial of service (DDoS) vulnerability exists in the NTP daemon due to improper handling of the ‘monlist’ command. A remote attacker can exploit this, via a forged request to an affected NTP server, to cause an amplified response to the intended target of the DDoS attack. (CVE-2013-5211)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(87674);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2013-4332",
    "CVE-2013-5211"
  );
  script_bugtraq_id(
    62324,
    64692
  );
  script_xref(name:"VMSA", value:"2014-0002");
  script_xref(name:"CERT", value:"348126");

  script_name(english:"VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2014-0002)");
  script_summary(english:"Checks the version and build numbers of the remote host.");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESX / ESXi host is affected by multiple
vulnerabilities :

  - Multiple integer overflow conditions exist in the glibc
    package in file malloc/malloc.c. An unauthenticated,
    remote attacker can exploit these to cause heap memory
    corruption by passing large values to the pvalloc(),
    valloc(), posix_memalign(), memalign(), or
    aligned_alloc() functions, resulting in a denial of
    service. (CVE-2013-4332)

  - A distributed denial of service (DDoS) vulnerability
    exists in the NTP daemon due to improper handling of the
    'monlist' command. A remote attacker can exploit this,
    via a forged request to an affected NTP server, to cause
    an amplified response to the intended target of the DDoS
    attack. (CVE-2013-5211)");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2014-0002");
  script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2014/000281.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 4.0 / 4.1 and ESXi version 4.0 / 4.1 / 5.0 /
5.1 / 5.5.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/04/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/30");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.5");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");

  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit("Host/VMware/version");
rel = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");
esx = '';

if ("ESX" >!< rel)
  audit(AUDIT_OS_NOT, "VMware ESX/ESXi");

extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
else
{
  esx = extract[1];
  ver = extract[2];
}

# fixed build numbers are the same for ESX and ESXi
fixes = make_array(
          "4.0", "1682696",
          "4.1", "1682698",
          "5.0", "1749766",
          "5.1", "1743201",
          "5.5", "1623387"
        );

full_fixes = make_array(
              "5.0", "1851670",
              "5.1", "1743533"
           );

fix = FALSE;
fix = fixes[ver];
full_fix = FALSE;
full_fix = full_fixes[ver];

# get the build before checking the fix for the most complete audit trail
extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);

build = int(extract[1]);

# if there is no fix in the array, fix is FALSE
if(!fix)
  audit(AUDIT_INST_VER_NOT_VULN, esx, ver, build);

if (build < fix)
{
  if (full_fix)
    fix = fix + " / " + full_fix;

  if (report_verbosity > 0)
  {
    report = '\n  Version         : ' + esx + " " + ver +
             '\n  Installed build : ' + build +
             '\n  Fixed build     : ' + fix +
             '\n';
    security_warning(port:port, extra:report);
  }
  else
    security_warning(port:port);

  exit(0);
}
else
  audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
VendorProductVersionCPE
vmwareesx4.0cpe:/o:vmware:esx:4.0
vmwareesx4.1cpe:/o:vmware:esx:4.1
vmwareesxi4.0cpe:/o:vmware:esxi:4.0
vmwareesxi4.1cpe:/o:vmware:esxi:4.1
vmwareesxi5.0cpe:/o:vmware:esxi:5.0
vmwareesxi5.1cpe:/o:vmware:esxi:5.1
vmwareesxi5.5cpe:/o:vmware:esxi:5.5

Related

vmware 2
nessus 59
openvas 35
oraclelinux 7
ibm 14
redhat 3
cve 2
checkpoint_advisories 1
suse 3
zdt 1
securityvulns 5
threatpost 4
cert 1
freebsd 1
ubuntucve 2
veracode 1
exploitpack 1
packetstorm 1
prion 2
centos 2
debiancve 2
checkpoint_security 1
fortinet 1
thn 1
f5 2
metasploit 1
freebsd_advisory 1
gentoo 2
ics 1
aix 1
mageia 2
amazon 3
slackware 1
exploitdb 1
fedora 3
altlinux 3
ubuntu 1
debian 1
osv 1
vmware
vmware
VMware vSphere updates to third party libraries
2014-03-11 00:00:00
VMware vSphere updates to third party libraries
2014-03-11 00:00:00
nessus
nessus
VMSA-2014-0002 : VMware vSphere updates to third-party libraries
2014-03-12 00:00:00
ESXi 5.5 < Build 1623387 Multiple Vulnerabilities (remote check)
2015-05-22 00:00:00
Oracle Linux 7 : ntp (ELSA-2016-3612)
2016-09-13 00:00:00
openvas
openvas
VMSA-2014-0002 VMware vSphere updates to third party libraries
2014-03-12 00:00:00
VMSA-2014-0002 VMware vSphere updates to third party libraries (remote check)
2014-03-12 00:00:00
VMSA-2014-0002 VMware vSphere updates to third party libraries
2014-03-12 00:00:00
oraclelinux
oraclelinux
glibc security and bug fix update
2013-10-08 00:00:00
ntp security update
2016-09-09 00:00:00
ntp security update
2016-09-09 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in glibc affects Integrated Management Module 2 (IMM2) (CVE-2013-4332)
2019-01-31 01:55:01
Security Bulletin: NTP vulnerability in Network Intrusion Prevention System (CVE-2013-5211)
2022-02-23 19:48:26
Security Bulletin: The IBM Chassis Management Module (CMM) is affected by a vulnerability in NTP server (CVE-2013-5211)
2019-01-31 01:25:01
redhat
redhat
(RHSA-2013:1411) Moderate: glibc security and bug fix update
2013-10-08 00:00:00
(RHSA-2013:1605) Moderate: glibc security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2013:1527) Important: rhev-hypervisor6 security and bug fix update
2013-11-21 00:00:00
cve
cve
CVE-2013-4332
2013-10-09 22:55:00
CVE-2013-5211
2014-01-02 14:59:00
checkpoint_advisories
checkpoint_advisories
NTP Servers Monlist Command Denial of Service (CVE-2013-5211)
2014-01-19 00:00:00
suse
suse
DDoS reflection attacks in ntp
2014-01-20 17:05:38
Security update for glibc (important)
2014-09-12 06:04:16
Security update for glibc (important)
2014-09-15 19:04:18
zdt
zdt
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-29 00:00:00
securityvulns
securityvulns
ntp traffic amplification
2014-01-14 00:00:00
[security bulletin] HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service &#40;DoS&#41;
2014-01-14 00:00:00
TA14-013A: NTP Amplification Attacks Using CVE-2013-5211
2014-01-14 00:00:00
threatpost
threatpost
Volume of NTP Amplification Attacks Getting Louder
2014-04-29 13:03:29
NTP Amplification Blamed for 400 Gbps DDoS Attack
2014-02-11 12:21:35
NTP Amplification Flaw To Blame For Gaming DDoS Attacks
2014-01-14 12:45:33
cert
cert
NTP can be abused to amplify denial-of-service attack traffic
2014-01-10 00:00:00
freebsd
freebsd
ntpd DRDoS / Amplification Attack using ntpdc monlist command
2014-01-01 00:00:00
ubuntucve
ubuntucve
CVE-2013-4332
2013-10-09 00:00:00
CVE-2013-5211
2014-01-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:00:29
exploitpack
exploitpack
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-28 00:00:00
packetstorm
packetstorm
NTP Amplification Denial Of Service Tool
2014-07-16 00:00:00
prion
prion
Integer overflow
2013-10-09 22:55:00
Security feature bypass
2014-01-02 14:59:00
centos
centos
glibc, nscd security update
2013-10-08 20:20:03
glibc, nscd security update
2013-11-26 13:31:38
debiancve
debiancve
CVE-2013-4332
2013-10-09 22:55:00
CVE-2013-5211
2014-01-02 14:59:00
checkpoint_security
checkpoint_security
Blocking NTP access on Gaia OS / IPSO OS (CVE-2013-5211)
2014-03-01 22:00:00
fortinet
fortinet
FortiAnalyzer could potentially be used in NTP amplification attacks
2020-06-22 00:00:00
thn
thn
Abusing Network Time Protocol (NTP) to perform massive Reflection DDoS attack
2014-01-02 20:25:00
f5
f5
K15154 : NTP vulnerability CVE-2013-5211
2014-04-10 00:00:00
SOL15154 - NTP vulnerability CVE-2013-5211
2014-04-10 00:00:00
metasploit
metasploit
NTP Monitor List Scanner
2010-01-27 23:25:17
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:02.ntpd
2014-01-14 00:00:00
gentoo
gentoo
NTP: Traffic amplification
2014-01-16 00:00:00
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00
ics
ics
NTP Reflection Attack
2018-09-06 12:00:00
aix
aix
Network Time Protocol (NTP) vulnerability in AIX,Network Time Protocol (NTP) vulnerability in VIOS
2014-06-12 16:24:51
mageia
mageia
Updated ntp packages work around security vulnerability
2014-01-31 20:44:56
Updated glibc package fixes security vulnerabilities
2013-11-22 22:44:49
amazon
amazon
Medium: ntp
2021-09-08 23:35:00
Medium: glibc
2013-12-17 21:39:00
Medium: ntp
2018-05-10 17:01:00
slackware
slackware
ntp
2014-02-13 16:38:35
exploitdb
exploitdb
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-28 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: glibc-2.18-9.fc20
2013-09-26 06:13:02
[SECURITY] Fedora 19 Update: glibc-2.17-18.fc19
2013-09-28 00:07:09
[SECURITY] Fedora 19 Update: glibc-2.17-21.fc19
2014-10-19 13:24:18
altlinux
altlinux
Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.3
2015-12-23 00:00:00
Security fix for the ALT Linux 7 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
Security fix for the ALT Linux 9 package glibc version 6:2.17-alt6
2014-01-11 00:00:00
ubuntu
ubuntu
GNU C Library vulnerabilities
2013-10-21 00:00:00
debian
debian
[SECURITY] [DLA 165-1] eglibc security update
2015-03-06 15:40:37
osv
osv
eglibc - security update
2015-03-06 00:00:00
JSON
Related for VMWARE_VMSA-2014-0002_REMOTE.NASL
vmware2nessus59openvas35oraclelinux7ibm14redhat3cve2checkpoint_advisories1suse3zdt1securityvulns5threatpost4cert1freebsd1ubuntucve2veracode1exploitpack1packetstorm1prion2centos2debiancve2checkpoint_security1fortinet1thn1f52metasploit1freebsd_advisory1gentoo2ics1aix1mageia2amazon3slackware1exploitdb1fedora3altlinux3ubuntu1debian1osv1