CVE-2013-1659 - Memory corruption vulnerability in VMware ESXi, vCenter Server and vCenter Server Appliance

CVSS 7.6 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
high complexity
vmware
nessus

Summary

VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream.

Nessus

  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_1_BUILD_911593_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An input validation error exists in the function
    last seen2020-06-01
    modified2020-06-02
    plugin id70888
    published2013-11-13
    reporterThis script is (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70888
    titleESXi 5.1 < Build 911593 Multiple Vulnerabilities (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Plugin registration. Nessus loads the script with 'description' set to
    # collect metadata only; this branch registers the attributes below and
    # exits before any host interaction takes place.
    if (description)
    {
      script_id(70888);
      script_version("1.11");
      script_cvs_date("Date: 2019/09/24 15:02:54");
    
      # The three CVEs fixed by VMSA-2013-0002 / VMSA-2013-0003 are covered by
      # a single build threshold (see fixed_build in the check section).
      script_cve_id("CVE-2011-3048", "CVE-2013-1406", "CVE-2013-1659");
      script_bugtraq_id(52830, 57867, 58115);
      script_xref(name:"VMSA", value:"2013-0002");
      script_xref(name:"VMSA", value:"2013-0003");
    
      script_name(english:"ESXi 5.1 < Build 911593 Multiple Vulnerabilities (remote check)");
      script_summary(english:"Checks ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESXi 5.1 host is affected by multiple security
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESXi 5.1 host is affected by the following security
    vulnerabilities :
    
      - An input validation error exists in the function
        'png_set_text_2' in the libpng library that could
        allow memory corruption and arbitrary code execution.
        (CVE-2011-3048)
    
      - A privilege escalation vulnerability exists in the
        Virtual Machine Communication Interface (VMCI). A local
        attacker can exploit this, via control code, to change
        allocated memory, resulting in the escalation of
        privileges. (CVE-2013-1406)
    
      - An error exists related to Network File Copy (NFC)
        handling that could allow denial of service attacks or
        arbitrary code execution. (CVE-2013-1659)");
      # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2035775
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7be12280");
      script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2013-0002.html");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0003.html");
      script_set_attribute(attribute:"solution", value:"Apply ESXi510-201212001-SG.");
      # CVSSv2 base vector: network-reachable, high access complexity (the NFC
      # issue needs an attacker in the client-server data path), no
      # authentication, complete confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      # Remote check: the verdict is derived from the reported version/build
      # string only (see script_summary), not from probing the NFC service.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Misc.");
    
      # The two KB keys read by the check section are populated by the vSphere
      # detection plugin; the plugin does not run unless both are present.
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Runtime check: compare the detected ESXi 5.1 build number against the
    # first fixed build (911593). Both KB keys come from the
    # vmware_vsphere_detect dependency; a missing key ends the plugin here.
    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");

    # Only ESXi 5.1 is in scope for this build threshold; any other release
    # string is audited out as "not the target OS".
    if ("ESXi" >!< rel) audit(AUDIT_OS_NOT, "ESXi");
    if ("VMware ESXi 5.1" >!< rel) audit(AUDIT_OS_NOT, "ESXi 5.1");

    # The build number is the trailing "build-NNNN" token of the release string.
    m = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);
    if (isnull(m)) exit(1, 'Failed to extract the ESXi build number.');

    installed = int(m[1]);
    fixed_build = 911593;

    # Hosts at or above the fixed build are patched; leave early.
    if (installed >= fixed_build)
      exit(0, "The host has "+ver+" build "+installed+" and thus is not affected.");

    # Vulnerable build: include version details when verbose reporting is on.
    if (report_verbosity > 0)
    {
      details =
        '\n  ESXi version    : ' + ver +
        '\n  Installed build : ' + installed +
        '\n  Fixed build     : ' + fixed_build +
        '\n';
      security_hole(port:0, extra:details);
    }
    else security_hole(0);
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2013-0003.NASL
    descriptiona. VMware vCenter, ESXi and ESX NFC protocol memory corruption vulnerability. VMware vCenter Server, ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between vCenter Server and the client or ESXi/ESX and the client. Exploitation of the issue may lead to code execution. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. VMware would like to thank Alex Chapman of Context Information Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1659 to this issue. b. VirtualCenter, ESX and ESXi Oracle (Sun) JRE update 1.5.0_38 Oracle (Sun) JRE is updated to version 1.5.0_38, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update Advisory of October 2012. c. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version openssl-0.9.7a.33.28.i686 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id64812
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64812
    titleVMSA-2013-0003 : VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third-party library security issues.
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the __tzfile_read() function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone (TZ) file, to cause a denial of service or the execution of arbitrary code. (CVE-2009-5029) - ldd in the glibc library is affected by a privilege escalation vulnerability due to the omission of certain LD_TRACE_LOADED_OBJECTS checks in a crafted executable file. Note that this vulnerability is disputed by the library vendor. (CVE-2009-5064) - A remote code execution vulnerability exists in the glibc library due to an integer signedness error in the elf_get_dynamic_info() function when the
    last seen2020-06-01
    modified2020-06-02
    plugin id70885
    published2013-11-13
    reporterThis script is (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70885
    titleESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)
  • NASL familyMisc.
    NASL idVMWARE_ESX_VMSA-2013-0003_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - Java Runtime Environment (JRE) - Network File Copy (NFC) Protocol - OpenSSL
    last seen2020-06-01
    modified2020-06-02
    plugin id89663
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89663
    titleVMware ESX / ESXi NFC and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0003) (remote check)
  • NASL familyMisc.
    NASL idVMWARE_VCENTER_VMSA-2013-0003.NASL
    descriptionThe version of VMware vCenter installed on the remote host is 4.0 before update 4b, 5.0 before update 2, or 5.1 before 5.1.0b. Such versions are potentially affected by a denial of service vulnerability due to an issue in webservice logging. By exploiting this flaw, a remote, unauthenticated attacker could crash the affected host.
    last seen2020-06-01
    modified2020-06-02
    plugin id65223
    published2013-03-13
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65223
    titleVMware vCenter Server NFC Protocol Code Execution (VMSA-2013-0003)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 58115 CVE(CAN) ID: CVE-2013-1659 VMware vCenter是VMware vSphere套件中一个强大的主机和虚拟机集中管理组件。VMware ESX Server是为适用于任何系统环境的企业级虚拟计算机软件。 VMware vCenter, ESXi, ESX NFC在处理NFC协议时存在安全漏洞,要利用此漏洞攻击者必须截获并修改vCenter Server与客户端或ESXi/ESX与客户端之间的NFC通讯。成功利用此漏洞可导致代码执行。 0 VMWare ESX 4.1 VMWare ESX 4.0 VMWare ESX 3.5 VMWare ESXi 5.0 VMWare ESXi 4.1 VMWare ESXi 4.0 VMWare ESXi 3.5 厂商补丁: VMWare ------ VMWare已经为此发布了一个安全公告(VMSA-2013-0003)以及相应补丁: VMSA-2013-0003:VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues. 链接:http://www.vmware.com/security/advisories/VMSA-2013-0003.html 补丁下载: vCenter Server 5.1.0 --------------------------- Download link: https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_1 Release Notes: https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-510b-release-notes.html vCenter Server 5.0 --------------------------- Download link: https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_0 Release Notes: https://www.vmware.com/support/vsphere5/doc/vsp_vc50_u2_rel_notes.html vCenter Server 4.0 --------------------------- Download link: https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_0 Release Notes: https://www.vmware.com/support/vsphere4/doc/vsp_vc40_u4b_rel_notes.html VirtualCenter 2.5 --------------------------- Download link: http://downloads.vmware.com/d/info/datacenter_downloads/vmware_infrastructure_3/3_5 Release Notes: https://www.vmware.com/support/vi3/doc/vi3_vc25u6c_rel_notes.html ESXi and ESX ------------ https://www.vmware.com/patchmgr/download.portal ESXi 5.1 -------- File: ESXi510-201212001.zip md5sum: 81d562c00942973f13520afac4868748 sha1sum: ec1ff6d3e3c9b127252ba1b710c74119f1164786 http://kb.vmware.com/kb/2035775 ESXi510-201212001 contains ESXi510-201212102-SG ESXi 5.0 ------------------ File: update-from-esxi5.0-5.0_update02.zip md5sum: ab8f7f258932a39f7d3e7877787fd198 
sha1sum: b65bacab4e38cf144e223cff4770501b5bd23334 http://kb.vmware.com/kb/2033751 update-from-esxi5.0-5.0_update02 contains ESXi500-201212102-SG ESXi 4.1 ------------------ File: ESXi410-201211001.zip md5sum: f7da5cd52d3c314abc31fe7aef4e50d3 sha1sum: a4d2232723717d896ff3b0879b0bdb3db823c0a1 http://kb.vmware.com/kb/2036257 ESXi410-201211001 contains ESXi410-201211402-BG ESXi 4.0 ------------------ File: ESXi400-201302001.zip md5sum: 8fca17ca97669dd1d34c34902e8e7ddf sha1sum: 51d76922eb7116810622acdd611f3029237a5680 http://kb.vmware.com/kb/2041344 ESXi400-201302001 contains ESXi400-201302402-SG ESXi 3.5 -------- File: ESXe350-201302401-O-SG.zip md5sum: a2c5f49bc865625b3796c41c202d1696 sha1sum: 12d25011d9940ea40d45f77a4e5bcc7e7b0c0cee http://kb.vmware.com/kb/2042543 ESXe350-201302401-O-SG.zip contains ESXe350-201302401-I-SG and ESXe350-201302403-C-SG ESX 4.1 -------- File: ESX410-201211001.zip md5sum: c167bccc388661e329fc494df13855c3 sha1sum: a8766b2eff68813a262d21a6a6ebeaae62e58c98 http://kb.vmware.com/kb/2036254 ESX410-201211001 contains ESX410-201211401-SG ESX 4.0 -------- File: ESX400-201302001.zip md5sum: 5ca4276e97c19b832d778e17e5f4ba64 sha1sum: 8d73cf062d8b23bd23f9b85d23f97f2888e4612f http://kb.vmware.com/kb/2041343 ESX400-201302001 contains ESX400-201302401-SG ESX 3.5 -------- File: ESX350-201302401-SG.zip md5sum: e703cb0bc3e1eaa8932a96ea96f34a00 sha1sum: 91dcf1bf7194a289652d0904dd7af8bce0a1d2dd http://kb.vmware.com/kb/2042541
idSSV:60646
last seen2017-11-19
modified2013-02-28
published2013-02-28
reporterRoot
titleVMware vCenter, ESXi, ESX NFC协议内存破坏漏洞