Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.VMWARE_VMSA-2014-0012_REMOTE.NASL
HistoryDec 30, 2015 - 12:00 a.m.

VMware ESXi Multiple Vulnerabilities (VMSA-2014-0012)

2015-12-3000:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
45
JSON

The remote VMware ESXi host is affected by multiple vulnerabilities :

  • Multiple denial of service vulnerabilities exist in Python function _read_status() in library httplib and in function readline() in libraries smtplib, ftplib, nntplib, imaplib, and poplib. A remote attacker can exploit these vulnerabilities to crash the module.
    (CVE-2013-1752)

  • A out-of-bounds read error exists in file parser.c in library libxml2 due to a failure to properly check the XML_PARSER_EOF state. An unauthenticated, remote attacker can exploit this, via a crafted document that abruptly ends, to cause a denial of service.
    (CVE-2013-2877)

  • A spoofing vulnerability exists in the Python SSL module in the ssl.match_hostname() function due to improper handling of the NULL character (‘\0’) in a domain name in the Subject Alternative Name field of an X.509 certificate. A man-in-the-middle attacker can exploit this, via a crafted certificate issued by a legitimate certification authority, to spoof arbitrary SSL servers.
    (CVE-2013-4238)

  • cURL and libcurl are affected by a flaw related to the re-use of NTLM connections whenever more than one authentication method is enabled. An unauthenticated, remote attacker can exploit this, via a crafted request, to connect and impersonate other users. (CVE-2014-0015)

  • The default configuration in cURL and libcurl reuses the SCP, SFTP, POP3, POP3S, IMAP, IMAPS, SMTP, SMTPS, LDAP, and LDAPS connections. An unauthenticated, remote attacker can exploit this, via a crafted request, to connect and impersonate other users. (CVE-2014-0138)

  • A flaw exists in the xmlParserHandlePEReference() function in file parser.c in libxml2 due to loading external entities regardless of entity substitution or validation being enabled. An unauthenticated, remote attacker can exploit this, via a crafted XML document, to exhaust resources, resulting in a denial of service.
    (CVE-2014-0191)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(87681);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2013-1752",
    "CVE-2013-2877",
    "CVE-2013-4238",
    "CVE-2014-0015",
    "CVE-2014-0138",
    "CVE-2014-0191"
  );
  script_bugtraq_id(
    61050,
    61738,
    63804,
    65270,
    66457,
    67233
  );
  script_xref(name:"VMSA", value:"2014-0012");

  script_name(english:"VMware ESXi Multiple Vulnerabilities (VMSA-2014-0012)");
  script_summary(english:"Checks the version and build numbers of the remote host.");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESXi host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESXi host is affected by multiple vulnerabilities :

  - Multiple denial of service vulnerabilities exist in
    Python function _read_status() in library httplib and
    in function readline() in libraries smtplib, ftplib,
    nntplib, imaplib, and poplib. A remote attacker can
    exploit these vulnerabilities to crash the module.
    (CVE-2013-1752)

  - A out-of-bounds read error exists in file parser.c in
    library libxml2 due to a failure to properly check the
    XML_PARSER_EOF state. An unauthenticated, remote
    attacker can exploit this, via a crafted document that
    abruptly ends, to cause a denial of service.
    (CVE-2013-2877)

  - A spoofing vulnerability exists in the Python SSL module
    in the ssl.match_hostname() function due to improper
    handling of the NULL character ('\0') in a domain name
    in the Subject Alternative Name field of an X.509
    certificate. A man-in-the-middle attacker can exploit
    this, via a crafted certificate issued by a legitimate
    certification authority, to spoof arbitrary SSL servers.
    (CVE-2013-4238)

  - cURL and libcurl are affected by a flaw related to the
    re-use of NTLM connections whenever more than one
    authentication method is enabled. An unauthenticated,
    remote attacker can exploit this, via a crafted request,
    to connect and impersonate other users. (CVE-2014-0015)

  - The default configuration in cURL and libcurl reuses the
    SCP, SFTP, POP3, POP3S, IMAP, IMAPS, SMTP, SMTPS, LDAP,
    and LDAPS connections. An unauthenticated, remote
    attacker can exploit this, via a crafted request, to 
    connect and impersonate other users. (CVE-2014-0138)

  - A flaw exists in the xmlParserHandlePEReference()
    function in file parser.c in libxml2 due to loading
    external entities regardless of entity substitution or
    validation being enabled. An unauthenticated, remote
    attacker can exploit this, via a crafted XML document,
    to exhaust resources, resulting in a denial of service.
    (CVE-2014-0191)");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2014-0012");
  script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2015/000287.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESXi version 5.0 / 5.1 / 5.5.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/30");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.5");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");

  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit("Host/VMware/version");
rel = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");

pci = FALSE;
pci = get_kb_item("Settings/PCI_DSS");

if ("ESXi" >!< rel)
  audit(AUDIT_OS_NOT, "VMware ESXi");

esx = "ESXi";

extract = eregmatch(pattern:"^ESXi (\d\.\d).*$", string:ver);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_APP_VER, "VMware ESXi");
else
  ver = extract[1];

fixes = make_array(
          "5.0", "See vendor",
          "5.1", "2323236",
          "5.5", "See vendor"
        );

fix = FALSE;
fix = fixes[ver];

# get the build before checking the fix for the most complete audit trail
extract = eregmatch(pattern:'^VMware ESXi.* build-([0-9]+)$', string:rel);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", ver);

build = int(extract[1]);

# if there is no fix in the array, fix is FALSE
if(!fix)
  audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver, build);

if (!pci && fix == "See vendor")
  audit(AUDIT_PCI);

vuln = FALSE;

# This is for PCI reporting
if (pci && fix == "See vendor")
  vuln = TRUE;
else if (build < fix )
  vuln = TRUE;

if (vuln)
{
  if (report_verbosity > 0)
  {
    report = '\n  Version         : ESXi '  + ver +
             '\n  Installed build : ' + build +
             '\n  Fixed build     : ' + fix +
             '\n';
    security_warning(port:port, extra:report);
  }
  else
    security_warning(port:port);

  exit(0);
}
else
  audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver, build);
VendorProductVersionCPE
vmwareesxi5.0cpe:/o:vmware:esxi:5.0
vmwareesxi5.1cpe:/o:vmware:esxi:5.1
vmwareesxi5.5cpe:/o:vmware:esxi:5.5

Related

securityvulns 4
nessus 58
openvas 54
vmware 2
redhat 4
centos 3
seebug 1
oraclelinux 3
debiancve 4
ubuntucve 3
osv 2
amazon 4
fedora 9
cve 6
prion 6
alpinelinux 1
ibm 12
f5 3
mageia 3
veracode 4
debian 6
freebsd 2
ubuntu 3
gentoo 1
slackware 1
securityvulns
securityvulns
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
2014-12-11 00:00:00
libxml2 DoS
2013-07-15 00:00:00
libxml2 DoS
2014-05-07 00:00:00
nessus
nessus
VMSA-2014-0012 : VMware vSphere product updates address security vulnerabilities
2014-12-06 00:00:00
CentOS 6 : libxml2 (CESA-2014:0513)
2014-05-20 00:00:00
Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64 (20140519)
2014-05-20 00:00:00
openvas
openvas
VMware ESXi updates address security vulnerabilities (VMSA-2014-0012) - Remote Version Check
2014-12-05 00:00:00
VMware ESXi product updates address security vulnerabilities (VMSA-2014-0012)
2014-12-05 00:00:00
VMware Security Updates for vCenter Server (VMSA-2014-0012)
2014-12-05 00:00:00
vmware
vmware
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
redhat
redhat
(RHSA-2014:0513) Moderate: libxml2 security update
2014-05-19 00:00:00
(RHSA-2014:0561) Moderate: curl security and bug fix update
2014-05-27 00:00:00
(RHSA-2015:0749) Moderate: libxml2 security update
2015-03-30 00:00:00
centos
centos
libxml2 security update
2014-05-19 13:08:11
curl, libcurl security update
2014-05-28 12:52:04
libxml2 security update
2015-04-01 03:26:34
seebug
seebug
Python多个安全漏洞
2013-12-30 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2014-05-19 00:00:00
curl security and bug fix update
2014-05-27 00:00:00
python security, bug fix, and enhancement update
2013-11-26 00:00:00
debiancve
debiancve
CVE-2014-0138
2014-04-15 14:55:00
CVE-2013-2877
2013-07-10 10:55:00
CVE-2014-0015
2014-02-02 00:55:00
ubuntucve
ubuntucve
CVE-2014-0138
2014-03-27 00:00:00
CVE-2013-2877
2013-07-10 00:00:00
CVE-2014-0191
2014-05-07 00:00:00
osv
osv
CVE-2014-0138
2014-04-15 14:55:00
smtplib unlimited read
2019-06-03 19:04:24
amazon
amazon
Medium: curl
2014-04-10 23:54:00
Medium: python26
2013-11-03 12:09:00
Low: libxml2
2014-05-21 10:29:00
fedora
fedora
[SECURITY] Fedora 20 Update: curl-7.32.0-8.fc20
2014-03-31 02:15:35
[SECURITY] Fedora 19 Update: curl-7.29.0-17.fc19
2014-03-31 02:12:04
[SECURITY] Fedora 20 Update: curl-7.32.0-4.fc20
2014-02-03 02:46:56
cve
cve
CVE-2014-0138
2014-04-15 14:55:00
CVE-2015-0386
2015-01-21 18:59:00
CVE-2013-2877
2013-07-10 10:55:00
prion
prion
Default configuration
2014-04-15 14:55:00
Design/Logic Flaw
2015-01-21 18:59:00
Out-of-bounds
2013-07-10 10:55:00
alpinelinux
alpinelinux
CVE-2014-0138
2014-04-15 14:55:00
ibm
ibm
Security Bulletin: Vulnerabilities in libxml2 affect System Networking Products (CVE-2014-0191, CVE-2013-2877, CVE-2014-3660)
2019-01-31 01:55:01
Security Bulletin: IBM BladeCenter Advanced Management Module is affected by libxml2 vulnerabilities (CVE-2014-0191, CVE-2013-2877, CVE-2014-3660)
2019-01-31 01:45:01
Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Flex System Manger (FSM) (CVE-2013-2877, CVE-2014-0191, CVE-2014-3660)
2019-01-31 02:10:01
f5
f5
K15862 : Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139
2014-11-25 00:00:00
SOL15862 - Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139
2014-11-25 00:00:00
K53192206 : Python and Jython vulnerability CVE-2013-1752
2017-07-21 00:00:00
mageia
mageia
Updated curl packages fix multiple vulnerabilities
2014-04-03 04:56:35
Updated libxml2 packages fix CVE-2013-2877
2013-07-21 12:41:56
Updated libxml2 packages fix CVE-2014-0191
2014-05-10 23:46:24
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:01:56
XML External Entities (XXE)
2018-08-06 02:11:43
Denial Of Service (DoS)
2019-01-15 09:06:08
debian
debian
[SECURITY] [DSA 2779-1] libxml2 security update
2013-10-13 21:02:25
[SECURITY] [DSA 2779-1] libxml2 security update
2013-10-13 21:02:25
libxml2 security update
2014-07-19 14:43:46
freebsd
freebsd
libxml2 -- lack of end-of-document check DoS
2013-04-11 00:00:00
libxml2 -- entity substitution DoS
2013-12-03 00:00:00
ubuntu
ubuntu
Python 2.6 vulnerability
2013-10-01 00:00:00
libxml2 vulnerability
2014-05-15 00:00:00
curl vulnerability
2014-02-03 00:00:00
gentoo
gentoo
libxml2: Denial of service
2014-09-19 00:00:00
slackware
slackware
curl
2014-02-13 16:38:20
JSON
Related for VMWARE_VMSA-2014-0012_REMOTE.NASL
securityvulns4nessus58openvas54vmware2redhat4centos3seebug1oraclelinux3debiancve4ubuntucve3osv2amazon4fedora9cve6prion6alpinelinux1ibm12f53mageia3veracode4debian6freebsd2ubuntu3gentoo1slackware1