Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.103453
Kategorie:VMware Local Security Checks
Titel:VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm (VMSA-2011-0004.3)
Zusammenfassung:The remote ESXi is missing one or more security related Updates from VMSA-2011-0004.3.
Beschreibung:Summary:
The remote ESXi is missing one or more security related Updates from VMSA-2011-0004.3.

Vulnerability Insight:
Service Location Protocol daemon (SLPD) denial of service issue and ESX 4.0 Service Console OS (COS) updates
for bind, pam, and rpm.

a. Service Location Protocol daemon DoS

This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD).

b. Service Console update for bind

This patch updates the bind-libs and bind-utils RPMs to version 9.3.6-4.P1.el5_5.3, which resolves multiple security
issues.

c. Service Console update for pam

This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw, which resolves multiple security issues with PAM modules.

d. Service Console update for rpm, rpm-libs, rpm-python, and popt

This patch updates rpm, rpm-libs, and rpm-python RPMs to 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1, which
resolves a security issue.

Vulnerability Impact:
a. Service Location Protocol daemon DoS

Exploitation of this vulnerability could cause SLPD to consume significant CPU resources.

Affected Software/OS:
VMware ESXi 4.1 without patch ESXi410-201101201-SG

VMware ESXi 4.0 without patch ESXi400-201103401-SG

VMware ESX 4.1 without patches ESX410-201101201-SG, ESX410-201104407-SG and ESX410-201110207-SG

VMware ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103404-SG, ESX400-201103406-SG and ESX400-201103407-SG

Solution:
Apply the missing patch(es).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-3613
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 45133
http://www.securityfocus.com/bid/45133
Bugtraq: 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. (Google Search)
http://www.securityfocus.com/archive/1/516909/100/0/threaded
CERT/CC vulnerability note: VU#706148
http://www.kb.cert.org/vuls/id/706148
Debian Security Information: DSA-2130 (Google Search)
http://www.debian.org/security/2010/dsa-2130
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html
HPdes Security Advisory: HPSBUX02655
http://marc.info/?l=bugtraq&m=130270720601677&w=2
HPdes Security Advisory: SSRT100353
http://www.mandriva.com/security/advisories?name=MDVSA-2010:253
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
NETBSD Security Advisory: NetBSD-SA2011-001
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc
http://www.osvdb.org/69558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601
http://www.redhat.com/support/errata/RHSA-2010-0975.html
http://www.redhat.com/support/errata/RHSA-2010-0976.html
http://www.redhat.com/support/errata/RHSA-2010-1000.html
http://securitytracker.com/id?1024817
http://secunia.com/advisories/42374
http://secunia.com/advisories/42459
http://secunia.com/advisories/42522
http://secunia.com/advisories/42671
http://secunia.com/advisories/42707
http://secunia.com/advisories/43141
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190
http://www.ubuntu.com/usn/USN-1025-1
http://www.vupen.com/english/advisories/2010/3102
http://www.vupen.com/english/advisories/2010/3103
http://www.vupen.com/english/advisories/2010/3138
http://www.vupen.com/english/advisories/2010/3139
http://www.vupen.com/english/advisories/2010/3140
http://www.vupen.com/english/advisories/2011/0267
http://www.vupen.com/english/advisories/2011/0606
Common Vulnerability Exposure (CVE) ID: CVE-2010-3614
BugTraq ID: 45137
http://www.securityfocus.com/bid/45137
CERT/CC vulnerability note: VU#837744
http://www.kb.cert.org/vuls/id/837744
http://www.osvdb.org/69559
http://secunia.com/advisories/42435
Common Vulnerability Exposure (CVE) ID: CVE-2010-3762
BugTraq ID: 45385
http://www.securityfocus.com/bid/45385
Common Vulnerability Exposure (CVE) ID: CVE-2010-3316
http://security.gentoo.org/glsa/glsa-201206-31.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:220
https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663
http://openwall.com/lists/oss-security/2010/08/16/2
http://openwall.com/lists/oss-security/2010/09/21/3
http://openwall.com/lists/oss-security/2010/09/21/8
http://www.openwall.com/lists/oss-security/2010/09/24/2
http://openwall.com/lists/oss-security/2010/09/27/4
http://openwall.com/lists/oss-security/2010/09/27/5
http://openwall.com/lists/oss-security/2010/09/27/10
http://openwall.com/lists/oss-security/2010/09/27/7
http://openwall.com/lists/oss-security/2010/10/25/2
http://www.redhat.com/support/errata/RHSA-2010-0819.html
http://www.redhat.com/support/errata/RHSA-2010-0891.html
http://secunia.com/advisories/49711
Common Vulnerability Exposure (CVE) ID: CVE-2010-3435
http://openwall.com/lists/oss-security/2010/09/27/8
Common Vulnerability Exposure (CVE) ID: CVE-2010-3853
Common Vulnerability Exposure (CVE) ID: CVE-2010-2059
http://www.mandriva.com/security/advisories?name=MDVSA-2010:180
http://www.openwall.com/lists/oss-security/2010/06/02/2
http://www.openwall.com/lists/oss-security/2010/06/02/3
http://marc.info/?l=oss-security&m=127559059928131&w=2
http://www.openwall.com/lists/oss-security/2010/06/03/5
http://www.openwall.com/lists/oss-security/2010/06/04/1
http://www.osvdb.org/65143
http://www.redhat.com/support/errata/RHSA-2010-0679.html
http://secunia.com/advisories/40028
SuSE Security Announcement: SUSE-SR:2010:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-3609
BugTraq ID: 46772
http://www.securityfocus.com/bid/46772
CERT/CC vulnerability note: VU#393783
http://www.kb.cert.org/vuls/id/393783
https://security.gentoo.org/glsa/201707-05
http://www.mandriva.com/security/advisories?name=MDVSA-2012:141
http://www.mandriva.com/security/advisories?name=MDVSA-2013:111
http://www.osvdb.org/71019
http://securitytracker.com/id?1025168
http://secunia.com/advisories/43601
http://secunia.com/advisories/43742
http://securityreason.com/securityalert/8127
http://www.vupen.com/english/advisories/2011/0729
XForce ISS Database: vmware-esxserver-slpd-dos(65931)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65931
CopyrightCopyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.