Vulnerabilities > CVE-2014-1208 - Local Denial of Service vulnerability in Multiple VMware Products

047910
CVSS base score: 3.3 (LOW)
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
low complexity
vmware
nessus

Summary

VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port.

Nessus

  • NASL family: Misc.
    NASL id: VMWARE_VMSA-2014-0001_REMOTE.NASL
    description: The remote VMware ESX / ESXi host is affected by multiple denial of service vulnerabilities: - A denial of service vulnerability exists due to a NULL pointer dereference flaw when handling Network File Copy (NFC) traffic. An unauthenticated, remote attacker can exploit this by intercepting and modifying the traffic between the ESX / ESXi host and the client. (CVE-2014-1207) - A flaw exists due to improper handling of invalid ports. An unauthenticated attacker on an adjacent network can exploit this to cause VMX processing to fail, resulting in a partial denial of service. (CVE-2014-1208)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 87673
    published: 2015-12-30
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/87673
    title: VMware ESX / ESXi Multiple DoS (VMSA-2014-0001)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      # Registration pass: this branch only declares plugin metadata and then
      # exits; the version check itself lives after the block.
      script_id(87673);
      script_version("1.4");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      # Identifiers this check reports against.
      script_cve_id("CVE-2014-1207", "CVE-2014-1208");
      script_bugtraq_id(64994, 64995);
      script_xref(name:"VMSA", value:"2014-0001");
    
      script_name(english:"VMware ESX / ESXi Multiple DoS (VMSA-2014-0001)");
      script_summary(english:"Checks the version and build numbers of the remote host.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.");
      # NOTE(review): "deference" in the text below is a typo for "dereference";
      # it is left as-is here because the string is emitted in scan reports.
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX / ESXi host is affected by multiple denial of
    service vulnerabilities :
    
        - A denial of service vulnerability exists due to a NULL
          pointer deference flaw when handling Network File Copy
          (NFC) traffic. An unauthenticated, remote attacker can
          exploit this by intercepting and modifying the traffic
          between the ESX / ESXi host and the client.
          (CVE-2014-1207)
    
        - A flaw exists due to improper handling of invalid
          ports. An unauthenticated attacker on an adjacent
          network can exploit this to cause VMX processing to
          fail, resulting in a partial denial of service.
          (CVE-2014-1208)");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2014-0001");
      script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2014/000231.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 4.0 / 4.1 and ESXi version 4.0 / 4.1 / 5.0 /
    5.1.");
    
      # Risk scoring. One base vector is declared for the whole plugin.
      # NOTE(review): AV:N/AC:M does not match the adjacent-network wording the
      # description uses for CVE-2014-1208; presumably it reflects the
      # traffic-interception issue (CVE-2014-1207) - confirm before reusing the
      # score for CVE-2014-1208 alone.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Disclosure, patch and plugin release dates.
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/30");
    
      # Remote check; the CPE entries list the ESX / ESXi releases covered.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
    
      # Scheduling: the check consumes KB entries named below, so it depends on
      # the vSphere detection plugin having stored them first.
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
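    # Version check for VMSA-2014-0001 on ESX / ESXi.
    #
    # The check is inference-only: it reads the version, release string and
    # port recorded in the KB and compares the build number with the first
    # fixed build for that release line. It does not verify the flaws directly,
    # so a host patched or mitigated in a way that leaves the build number
    # unchanged would still be reported.
    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");
    port = get_kb_item_or_exit("Host/VMware/vsphere");
    esx = '';
    
    # Anything whose release string lacks "ESX" is out of scope.
    if ("ESX" >!< rel)
      audit(AUDIT_OS_NOT, "VMware ESX/ESXi");
    
    # Split the version string into product name (ESX or ESXi) and the
    # major.minor release used as the lookup key below.
    extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
    else
    {
      esx = extract[1];
      ver = extract[2];
    }
    
    # fixed build numbers are the same for ESX and ESXi
    fixes = make_array(
              "4.0", "1335992",
              "4.1", "1363503",
              "5.0", "1311175", #1311177 is "security only"
              "5.1", "1483097"
            );
    
    # Alternative "security only" build, shown in the report next to the
    # regular fixed build.
    sec_fixes = make_array(
                  "5.0", "1311177"
                 );
    
    # A release line with no entry yields no value here and is audited out below.
    fix = fixes[ver];
    sec_fix = sec_fixes[ver];
    
    # get the build before checking the fix for the most complete audit trail
    extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);
    
    build = int(extract[1]);
    
    # No fixed build listed for this release line: report as not affected,
    # using the same "VMware <product>" label as the other audit calls.
    if (!fix)
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
    # The fixed builds are stored as strings while build is an integer. Convert
    # explicitly so the comparison is numeric and does not depend on how the
    # interpreter treats an int/string comparison; a lexical comparison would
    # mis-order builds with fewer digits than the fixed build (false negatives).
    fix_build = int(fix);
    
    if (build < fix_build)
    {
      # Text shown to the operator; the numeric value above stays untouched.
      fix_display = fix;
      if (sec_fix)
        fix_display = fix + " / " + sec_fix;
    
      if (report_verbosity > 0)
      {
        report = '\n  Version         : ' + esx + " " + ver +
                 '\n  Installed build : ' + build +
                 '\n  Fixed build     : ' + fix_display +
                 '\n';
        security_warning(port:port, extra:report);
      }
      else
        security_warning(port:port);
    
      exit(0);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);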
    
  • NASL family: Windows
    NASL id: VMWARE_WORKSTATION_DOS_VMSA_2014_0001.NASL
    description: The version of VMware Workstation installed on the remote host is version 9.x prior to 9.0.1. It is, therefore, reportedly affected by a denial of service vulnerability due to an issue with handling invalid ports that could allow a guest user to crash the VMX process.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72040
    published: 2014-01-20
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72040
    title: VMware Workstation 9.x < 9.0.1 VMX Process DoS (VMSA-2014-0001)
  • NASL family: Misc.
    NASL id: VMWARE_ESXI_5_0_BUILD_1311177_REMOTE.NASL
    description: The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities: - Multiple errors exist related to OpenSSL that could allow information disclosure or denial of service attacks. (CVE-2013-0166, CVE-2013-0169) - An error exists in the libxml2 library related to the expansion of XML internal entities. An attacker can exploit this to cause a denial of service. (CVE-2013-0338) - An unspecified error exists related to […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70879
    published: 2013-11-13
    reporter: This script is (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/70879
    title: ESXi 5.0 < Build 1311175 Multiple Vulnerabilities (remote check)
  • NASL family: Windows
    NASL id: VMWARE_PLAYER_DOS_VMSA_2014_0001.NASL
    description: The installed version of VMware Player 5.x running on the remote Windows host is a version prior to 5.0.1. It is, therefore, reportedly affected by a denial of service vulnerability due to an issue with handling invalid ports that could allow a guest user to crash the VMX process.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72038
    published: 2014-01-20
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72038
    title: VMware Player 5.x < 5.0.1 VMX Process DoS (VMSA-2014-0001)
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2014-0001.NASL
    description: a. VMware ESXi and ESX NFC NULL pointer dereference: VMware ESXi and ESX contain a NULL pointer dereference in the handling of the Network File Copy (NFC) traffic. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between ESXi/ESX and the client. Exploitation of the issue may lead to a Denial of Service. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. VMware would like to thank Alex Chapman of Context Information Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1207 to this issue. b. VMware VMX process denial of service vulnerability: Due to a flaw in the handling of invalid ports, it is possible to cause the VMX process to fail. This vulnerability may allow a guest user to affect the VMX process, resulting in a partial denial of service on the host. VMware would like to thank Recurity Labs GmbH and the Bundesamt für Sicherheit in der Informationstechnik (BSI) for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1208 to this issue. c. VMware vCloud Director Cross Site Request Forgery (CSRF): VMware vCloud Director contains a vulnerability in the Hyper Text Transfer Protocol (HTTP) session management. An attacker may trick an authenticated user into clicking a malicious link, which would result in the user being logged out. The user is able to immediately log back into the system. VMware would like to thank Mattia Folador for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1211 to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72006
    published: 2014-01-17
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72006
    title: VMSA-2014-0001 : VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FUSION_5_0_1.NASL
    description: The version of VMware Fusion 5.x installed on the remote Mac OS X host is prior to 5.0.1. It is, therefore, reportedly affected by a denial of service vulnerability due to an issue with handling invalid ports that could allow a guest user to crash the VMX process.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72036
    published: 2014-01-20
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72036
    title: VMware Fusion 5.x < 5.0.1 VMX Process DoS (VMSA-2014-0001)
  • NASL family: General
    NASL id: VMWARE_WORKSTATION_LINUX_9_0_1.NASL
    description: The installed version of VMware Workstation 9.x is prior to 9.0.1. It is, therefore, affected by a denial of service vulnerability due to an issue with handling invalid ports that could allow a guest user to crash the VMX process.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72041
    published: 2014-01-20
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72041
    title: VMware Workstation 9.x < 9.0.1 VMX Process DoS (VMSA-2014-0001) (Linux)
  • NASL family: General
    NASL id: VMWARE_PLAYER_LINUX_5_0_1.NASL
    description: The installed version of VMware Player 5.x running on the remote Linux host is a version prior to 5.0.1. It is, therefore, affected by a denial of service vulnerability due to an issue with handling invalid ports that could allow a guest user to crash the VMX process.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72039
    published: 2014-01-20
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72039
    title: VMware Player 5.x < 5.0.1 VMX Process DoS (VMSA-2014-0001) (Linux)
  • NASL family: Misc.
    NASL id: VMWARE_ESXI_5_1_BUILD_1483097_REMOTE.NASL
    description: The remote VMware ESXi 5.1 host is affected by the following vulnerabilities: - A denial of service vulnerability exists in the bundled OpenSSL library that is triggered when handling OCSP response verification. A remote attacker can exploit this to crash the program. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker can obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) - An error exists in the libxml2 library related to the expansion of XML internal entities that could allow denial of service attacks. (CVE-2013-0338) - A NULL pointer dereference flaw exists in the handling of Network File Copy (NFC) traffic. An attacker can exploit this by intercepting and modifying NFC traffic, to cause a denial of service condition. (CVE-2014-1207) - A denial of service vulnerability exists in the handling of invalid ports that could allow a guest user to crash the VMX process. (CVE-2014-1208)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72037
    published: 2014-01-20
    reporter: This script is (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72037
    title: ESXi 5.1 < Build 1483097 Multiple Vulnerabilities (remote check)