| Id | Log ID | Jvninfo Id | Plugin ID | CVE | CVSS | Risk | Host | Protocol | Port | Name | Synopsis | Description | Solution | See Also | Plugin Output | Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 52119 | H28_MUN_DWEB_Q4_172_16_240_seg.csv | 36598 | 78108 | CVE-2013-0242 | 5 | Medium | 172.16.240.150 | tcp | 0 | ESXi 5.5 < Build 1980513 glibc Library Multiple Vulnerabilities (remote check) | The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. | The remote VMware ESXi host is version 5.5 prior to build 1980513. It is, therefore, affected by the following vulnerabilities in the glibc library : - A buffer overflow flaw exists in the "extend_buffers" function of the "posix/regexec.c" file, due to not properly validating user input. Using a specially crafted expression, a remote attacker can cause a denial of service. (CVE-2013-0242) - A buffer overflow flaw exists in the "getaddrinfo" function of the "/sysdeps/posix/getaddrinfo.c" file, due to not properly validating user input. A remote attacker can cause a denial of service by triggering a large number of domain conversions. (CVE-2013-1914) | Apply patch ESXi550-201409101-SG for ESXi 5.5. | http://lists.vmware.com/pipermail/security-announce/2014/000260.html | ESXi version : ESXi 5.5 Installed build : 1892794 Fixed build : 1980513 | |
| 52130 | H28_MUN_DWEB_Q4_172_16_240_seg.csv | 36598 | 87679 | CVE-2013-0242 | 5 | Medium | 172.16.240.150 | tcp | 443 | VMware ESXi Multiple DoS (VMSA-2014-0008) | The remote VMware ESXi host is missing a security-related patch. | The remote ESXi host is affected by multiple denial of service vulnerabilities in the glibc library : - A buffer overflow condition exists in the extend_buffers() function in file posix/regexec.c due to improper validation of user-supplied input when handling multibyte characters in a regular expression. An unauthenticated, remote attacker can exploit this, via a crafted regular expression, to corrupt the memory, resulting in a denial of service. (CVE-2013-0242) - A stack-based buffer overflow condition exists in the getaddrinfo() function in file posix/getaddrinfo.c due to improper validation of user-supplied input during the handling of domain conversion results. An unauthenticated, remote attacker can exploit this to cause a denial of service by using a crafted host name or IP address that triggers a large number of domain conversion results. (CVE-2013-1914) | Apply the appropriate patch according to the vendor advisory that pertains to ESXi version 5.0 / 5.1 / 5.5. | https://www.vmware.com/security/advisories/VMSA-2014-0008 http://lists.vmware.com/pipermail/security-announce/2014/000282.html | Version : ESXi 5.5 Installed build : 1892794 Fixed build : 2068190 | |
| 57688 | H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv | 36598 | 78108 | CVE-2013-0242 | 5 | Medium | 172.16.240.150 | tcp | 0 | ESXi 5.5 < Build 1980513 glibc Library Multiple Vulnerabilities (remote check) | The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. | The remote VMware ESXi host is version 5.5 prior to build 1980513. It is, therefore, affected by the following vulnerabilities in the glibc library : - A buffer overflow flaw exists in the "extend_buffers" function of the "posix/regexec.c" file, due to not properly validating user input. Using a specially crafted expression, a remote attacker can cause a denial of service. (CVE-2013-0242) - A buffer overflow flaw exists in the "getaddrinfo" function of the "/sysdeps/posix/getaddrinfo.c" file, due to not properly validating user input. A remote attacker can cause a denial of service by triggering a large number of domain conversions. (CVE-2013-1914) | Apply patch ESXi550-201409101-SG for ESXi 5.5. | http://lists.vmware.com/pipermail/security-announce/2014/000260.html | ESXi version : ESXi 5.5 Installed build : 1892794 Fixed build : 1980513 | |
| 57700 | H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv | 36598 | 87679 | CVE-2013-0242 | 5 | Medium | 172.16.240.150 | tcp | 443 | VMware ESXi Multiple DoS (VMSA-2014-0008) | The remote VMware ESXi host is missing a security-related patch. | The remote ESXi host is affected by multiple denial of service vulnerabilities in the glibc library : - A buffer overflow condition exists in the extend_buffers() function in file posix/regexec.c due to improper validation of user-supplied input when handling multibyte characters in a regular expression. An unauthenticated, remote attacker can exploit this, via a crafted regular expression, to corrupt the memory, resulting in a denial of service. (CVE-2013-0242) - A stack-based buffer overflow condition exists in the getaddrinfo() function in file posix/getaddrinfo.c due to improper validation of user-supplied input during the handling of domain conversion results. An unauthenticated, remote attacker can exploit this to cause a denial of service by using a crafted host name or IP address that triggers a large number of domain conversion results. (CVE-2013-1914) | Apply the appropriate patch according to the vendor advisory that pertains to ESXi version 5.0 / 5.1 / 5.5. | https://www.vmware.com/security/advisories/VMSA-2014-0008 http://lists.vmware.com/pipermail/security-announce/2014/000282.html | Version : ESXi 5.5 Installed build : 1892794 Fixed build : 2068190 | |