Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.VMWARE_VMSA-2014-0001_REMOTE.NASL
HistoryDec 30, 2015 - 12:00 a.m.

VMware ESX / ESXi Multiple DoS (VMSA-2014-0001)

2015-12-3000:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
30

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.019

Percentile

88.7%

JSON

The remote VMware ESX / ESXi host is affected by multiple denial of service vulnerabilities :

- A denial of service vulnerability exists due to a NULL       pointer deference flaw when handling Network File Copy       (NFC) traffic. An unauthenticated, remote attacker can       exploit this by intercepting and modifying the traffic       between the ESX / ESXi host and the client.
  (CVE-2014-1207)

- A flaw exists due to improper handling of invalid       ports. An unauthenticated attacker on an adjacent       network can exploit this to cause VMX processing to       fail, resulting in a partial denial of service.
  (CVE-2014-1208)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(87673);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2014-1207",
    "CVE-2014-1208"
  );
  script_bugtraq_id(
    64994,
    64995
  );
  script_xref(name:"VMSA", value:"2014-0001");

  script_name(english:"VMware ESX / ESXi Multiple DoS (VMSA-2014-0001)");
  script_summary(english:"Checks the version and build numbers of the remote host.");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESX / ESXi host is affected by multiple denial of
service vulnerabilities :

    - A denial of service vulnerability exists due to a NULL
      pointer deference flaw when handling Network File Copy
      (NFC) traffic. An unauthenticated, remote attacker can
      exploit this by intercepting and modifying the traffic
      between the ESX / ESXi host and the client.
      (CVE-2014-1207)

    - A flaw exists due to improper handling of invalid
      ports. An unauthenticated attacker on an adjacent
      network can exploit this to cause VMX processing to
      fail, resulting in a partial denial of service.
      (CVE-2014-1208)");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2014-0001");
  script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2014/000231.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 4.0 / 4.1 and ESXi version 4.0 / 4.1 / 5.0 /
5.1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/30");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");

  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit("Host/VMware/version");
rel = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");
esx = '';

if ("ESX" >!< rel)
  audit(AUDIT_OS_NOT, "VMware ESX/ESXi");

extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
else
{
  esx = extract[1];
  ver = extract[2];
}

# fixed build numbers are the same for ESX and ESXi
fixes = make_array(
          "4.0", "1335992",
          "4.1", "1363503",
          "5.0", "1311175", #1311177 is "security only"
          "5.1", "1483097"
        );

sec_fixes = make_array(
              "5.0", "1311177"
             );

fix = FALSE;
fix = fixes[ver];
sec_fix = FALSE;
sec_fix = sec_fixes[ver];

# get the build before checking the fix for the most complete audit trail
extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);

build = int(extract[1]);

# if there is no fix in the array, fix is FALSE
if (!fix)
  audit(AUDIT_INST_VER_NOT_VULN, esx, ver, build);

if (build < fix)
{
  if (sec_fix)
    fix = fix + " / " + sec_fix;

  if (report_verbosity > 0)
  {
    report = '\n  Version         : ' + esx + " " + ver +
             '\n  Installed build : ' + build +
             '\n  Fixed build     : ' + fix +
             '\n';
    security_warning(port:port, extra:report);
  }
  else
    security_warning(port:port);

  exit(0);
}
else
  audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
VendorProductVersionCPE
vmwareesx4.0cpe:/o:vmware:esx:4.0
vmwareesx4.1cpe:/o:vmware:esx:4.1
vmwareesxi4.0cpe:/o:vmware:esxi:4.0
vmwareesxi4.1cpe:/o:vmware:esxi:4.1
vmwareesxi5.0cpe:/o:vmware:esxi:5.0
vmwareesxi5.1cpe:/o:vmware:esxi:5.1

Related

openvas 4
vmware 1
nessus 8
cve 2
prion 2
nvd 2
cvelist 2
openvas
openvas
VMSA-2014-0001 VMware ESXi address several security issues (remote check).
2014-01-20 00:00:00
VMware ESXi address several security issues (VMSA-2014-0001) - Remote Version Check
2014-01-20 00:00:00
VMware ESXi/ESX address several security issues (VMSA-2014-0001)
2014-01-20 00:00:00
vmware
vmware
VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
2014-01-16 00:00:00
nessus
nessus
VMSA-2014-0001 : VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
2014-01-17 00:00:00
VMware Workstation 9.x < 9.0.1 VMX Process DoS (VMSA-2014-0001)
2014-01-20 00:00:00
VMware Workstation 9.x < 9.0.1 VMX Process DoS (VMSA-2014-0001) (Linux)
2014-01-20 00:00:00
cve
cve
CVE-2014-1207
2014-01-17 21:55:19
CVE-2014-1208
2014-01-17 21:55:19
prion
prion
Null pointer dereference
2014-01-17 21:55:00
Design/Logic Flaw
2014-01-17 21:55:00
nvd
nvd
CVE-2014-1208
2014-01-17 21:55:19
CVE-2014-1207
2014-01-17 21:55:19
cvelist
cvelist
CVE-2014-1207
2014-01-17 19:00:00
CVE-2014-1208
2014-01-17 19:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.019

Percentile

88.7%

JSON
Related for VMWARE_VMSA-2014-0001_REMOTE.NASL
openvas4vmware1nessus8cve2prion2nvd2cvelist2