Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:
Kategorie:VMware Local Security Checks
Titel:VMware ESXi/ESX patches address several security issues (VMSA-2012-0005)
Zusammenfassung:The remote ESXi is missing one or more security related Updates from VMSA-2012-0005.
The remote ESXi is missing one or more security related Updates from VMSA-2012-0005.

Vulnerability Insight:
a. VMware Tools Display Driver Privilege Escalation

The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display
driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege
escalation on Windows-based Guest Operating Systems.

b. vSphere Client internal browser input validation vulnerability

The vSphere Client has an internal browser that renders html pages from log file entries. This browser doesn't
properly sanitize input and may run script that is introduced into the log files. In order for the script to
run, the user would need to open an individual, malicious log file entry. The script would run with the
permissions of the user that runs the vSphere Client.

c. vCenter Orchestrator Password Disclosure

The vCenter Orchestrator (vCO) Web Configuration tool reflects back the vCenter Server password as part of the
webpage. This might allow the logged-in vCO administrator to retrieve the vCenter Server password.

d. vShield Manager Cross-Site Request Forgery vulnerability

The vShield Manager (vSM) interface has a Cross-Site Request Forgery vulnerability. If an attacker can convince
an authenticated user to visit a malicious link, the attacker may force the victim to forward an authenticated
request to the server.

e. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30

Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses multiple security issues that existed in earlier
releases of Oracle (Sun) JRE.

f. vCenter Server Apache Tomcat update 6.0.35

Apache Tomcat has been updated to version 6.0.35 to address multiple security issues.

g. ESXi update to third party component bzip2

The bzip2 library is updated to version 1.0.6, which resolves a security issue.

Affected Software/OS:
ESXi 5.0 without patches ESXi500-201203101-SG, ESXi500-201112402-BG

ESXi 4.1 without patch ESXi410-201110202-UG

ESXi 4.0 without patch ESXi400-201110402-BG

ESX 4.1 without patch ESX410-201110201-SG

ESX 4.0 without patch ESX400-201110401-SG

Apply the missing patch(es).

CVSS Score:

CVSS Vector:

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-1508
BugTraq ID: 52524
Bugtraq: 20120316 VMSA-2012-0004 VMware View privilege escalation and cross-site scripting (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2012-1509
XForce ISS Database: vmware-view-xpdm-priv-esc(74096)
Common Vulnerability Exposure (CVE) ID: CVE-2012-1510
XForce ISS Database: vmware-wddm-priv-esc(74097)
Common Vulnerability Exposure (CVE) ID: CVE-2012-1512
BugTraq ID: 52525
XForce ISS Database: vsphere-client-xss(74093)
Common Vulnerability Exposure (CVE) ID: CVE-2012-1513
XForce ISS Database: vcenter-config-tool-info-disc(74091)
Common Vulnerability Exposure (CVE) ID: CVE-2012-1514
XForce ISS Database: vshield-manager-csrf(74092)
Common Vulnerability Exposure (CVE) ID: CVE-2011-3190
BugTraq ID: 49353
Bugtraq: 20110829 [SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure (Google Search)
Debian Security Information: DSA-2401 (Google Search)
HPdes Security Advisory: HPSBOV02762
HPdes Security Advisory: HPSBST02955
HPdes Security Advisory: HPSBUX02725
HPdes Security Advisory: HPSBUX02860
HPdes Security Advisory: SSRT100627
HPdes Security Advisory: SSRT100825
HPdes Security Advisory: SSRT101146
XForce ISS Database: tomcat-ajp-security-bypass(69472)
Common Vulnerability Exposure (CVE) ID: CVE-2011-3375
Common Vulnerability Exposure (CVE) ID: CVE-2012-0022
BugTraq ID: 51447
Bugtraq: 20120117 [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service (Google Search)
HPdes Security Advisory: HPSBMU02747
HPdes Security Advisory: HPSBUX02741
HPdes Security Advisory: SSRT100728
HPdes Security Advisory: SSRT100771
RedHat Security Advisories: RHSA-2012:0074
RedHat Security Advisories: RHSA-2012:0075
RedHat Security Advisories: RHSA-2012:0076
RedHat Security Advisories: RHSA-2012:0077
RedHat Security Advisories: RHSA-2012:0078
RedHat Security Advisories: RHSA-2012:0325
RedHat Security Advisories: RHSA-2012:0345
RedHat Security Advisories: RHSA-2012:1331
XForce ISS Database: apache-tomcat-parameter-dos(72425)
Common Vulnerability Exposure (CVE) ID: CVE-2010-0405
Bugtraq: 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console (Google Search)
SuSE Security Announcement: SUSE-SR:2010:018 (Google Search)
CopyrightCopyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.