Vulnerabilities > CVE-2012-6326 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare Vcenter Server and Vcenter Server Appliance
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large log entries.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2012-0018.NASL description a. vCenter Server Appliance directory traversal The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. b. vCenter Server Appliance arbitrary file download The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6325 to this issue. c. Update to ESX glibc package The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864 CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480 to these issues. d. vCenter Server and vCSA webservice logging denial of service The vCenter Server and vCenter Server Appliance (vCSA) both contain a vulnerability that allows unauthenticated remote users to create abnormally large log entries. Exploitation of this issue may allow an attacker to fill the system volume of the vCenter host or appliance VM and create a denial-of-service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6326 to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 63332 published 2012-12-24 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63332 title VMSA-2012-0018 : VMware security updates for vCSA and ESXi code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory 2012-0018. # The text itself is copyright (C) VMware Inc. # include("compat.inc"); if (description) { script_id(63332); script_version("1.22"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609", "CVE-2012-0864", "CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-6324", "CVE-2012-6325", "CVE-2012-6326"); script_bugtraq_id(40063, 46740, 50898, 51439, 52201, 54374, 54982, 57021, 57022, 58139); script_xref(name:"VMSA", value:"2012-0018"); script_name(english:"VMSA-2012-0018 : VMware security updates for vCSA and ESXi"); script_summary(english:"Checks esxupdate output for the patches"); script_set_attribute( attribute:"synopsis", value: "The remote VMware ESXi host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "a. vCenter Server Appliance directory traversal The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. b. vCenter Server Appliance arbitrary file download The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6325 to this issue. c. Update to ESX glibc package The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864 CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480 to these issues. d. vCenter Server and vCSA webservice logging denial of service The vCenter Server and vCenter Server Appliance (vCSA) both contain a vulnerability that allows unauthenticated remote users to create abnormally large log entries. Exploitation of this issue may allow an attacker to fill the system volume of the vCenter host or appliance VM and create a denial-of-service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6326 to this issue." ); script_set_attribute( attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2013/000212.html" ); script_set_attribute(attribute:"solution", value:"Apply the missing patches."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_family(english:"VMware ESX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version"); script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs"); exit(0); } include("audit.inc"); include("vmware_esx_packages.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi"); if ( !get_kb_item("Host/VMware/esxcli_software_vibs") && !get_kb_item("Host/VMware/esxupdate") ) audit(AUDIT_PACKAGE_LIST_MISSING); init_esx_check(date:"2012-12-20"); flag = 0; if (esx_check(ver:"ESXi 5.0", vib:"VMware:esx-base:5.0.0-1.25.912577")) flag++; if (esx_check(ver:"ESXi 5.0", vib:"VMware:tools-light:5.0.0-1.25.912577")) flag++; if (esx_check(ver:"ESXi 5.1", vib:"VMware:esx-base:5.1.0-0.11.1063671")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Misc. NASL id VMWARE_VCENTER_VMSA-2012-0018.NASL description The version of VMware vCenter installed on the remote host is 4.1 before update 3 or 5.0 before Update 2. Such versions are potentially affected by a denial of service vulnerability due to an issue in webservice logging. By exploiting this flaw, a remote, unauthenticated attacker could crash the affected host. last seen 2020-06-01 modified 2020-06-02 plugin id 65209 published 2013-03-12 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65209 title VMware vCenter Server Denial of Service (VMSA-2012-0018) code # # (C) Tenable Network Security, Inc. # if (!defined_func("nasl_level") || nasl_level() < 5000) exit(0, "Nessus older than 5.x"); include("compat.inc"); if (description) { script_id(65209); script_version("1.5"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2012-6326"); script_bugtraq_id(58139); script_xref(name:"VMSA", value:"2012-0018"); script_name(english:"VMware vCenter Server Denial of Service (VMSA-2012-0018)"); script_summary(english:"Checks version of VMware vCenter"); script_set_attribute(attribute:"synopsis", value: "The remote host has a virtualization management application installed that is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "The version of VMware vCenter installed on the remote host is 4.1 before update 3 or 5.0 before Update 2. Such versions are potentially affected by a denial of service vulnerability due to an issue in webservice logging. By exploiting this flaw, a remote, unauthenticated attacker could crash the affected host."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2012-0018.html"); script_set_attribute(attribute:"solution", value:"Upgrade to VMware vCenter 4.1 Update 3 or 5.0 Update 2."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/21"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/12"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vcenter_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("vmware_vcenter_detect.nbin"); script_require_keys("Host/VMware/vCenter", "Host/VMware/version", "Host/VMware/release"); script_require_ports("Services/www", 80, 443); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); port = get_kb_item_or_exit("Host/VMware/vCenter"); version = get_kb_item_or_exit("Host/VMware/version"); release = get_kb_item_or_exit("Host/VMware/release"); fixversion = ""; if (version =~ '^VMware vCenter 4\\.1$') { build = ereg_replace(pattern:'^VMware vCenter Server [0-9\\.]+ build-([0-9]+)$', string:release, replace:"\1"); # Make sure we extracted the build number correctly if (build =~ '^[0-9]+$') { if (int(build) < 799345) fixversion = '4.1.0 build-799345'; } else exit(1, 'Failed to extract the build number from the release string.'); } else if (version =~ '^VMware vCenter 5\\.0$') { build = ereg_replace(pattern:'^VMware vCenter Server [0-9\\.]+ build-([0-9]+)$', string:release, replace:"\1"); # Make sure we extracted the build number correctly if (build =~ '^[0-9]+$') { if (int(build) < 913577) fixversion = '5.0.0 build-913577'; } else exit(1, 'Failed to extract the build number from the release string.'); } if (fixversion) { if (report_verbosity > 0) { release = release - 'VMware vCenter Server '; report = '\n Installed version : ' + release + '\n Fixed version : ' + fixversion + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else { release = release - 'VMware vCenter Server '; audit(AUDIT_LISTEN_NOT_VULN, 'VMware vCenter', port, release); }