Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.103457
Kategorie:VMware Local Security Checks
Titel:VMware ESXi/ESX patches address several security issues (VMSA-2012-0005)
Zusammenfassung:The remote ESXi is missing one or more security related Updates from VMSA-2012-0005.
Beschreibung:Summary:
The remote ESXi is missing one or more security related Updates from VMSA-2012-0005.

Vulnerability Insight:
a. VMware Tools Display Driver Privilege Escalation

The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display
driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege
escalation on Windows-based Guest Operating Systems.

b. vSphere Client internal browser input validation vulnerability

The vSphere Client has an internal browser that renders html pages from log file entries. This browser doesn't
properly sanitize input and may run script that is introduced into the log files. In order for the script to
run, the user would need to open an individual, malicious log file entry. The script would run with the
permissions of the user that runs the vSphere Client.

c. vCenter Orchestrator Password Disclosure

The vCenter Orchestrator (vCO) Web Configuration tool reflects back the vCenter Server password as part of the
webpage. This might allow the logged-in vCO administrator to retrieve the vCenter Server password.

d. vShield Manager Cross-Site Request Forgery vulnerability

The vShield Manager (vSM) interface has a Cross-Site Request Forgery vulnerability. If an attacker can convince
an authenticated user to visit a malicious link, the attacker may force the victim to forward an authenticated
request to the server.

e. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30

Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses multiple security issues that existed in earlier
releases of Oracle (Sun) JRE.

f. vCenter Server Apache Tomcat update 6.0.35

Apache Tomcat has been updated to version 6.0.35 to address multiple security issues.

g. ESXi update to third party component bzip2

The bzip2 library is updated to version 1.0.6, which resolves a security issue.

Affected Software/OS:
ESXi 5.0 without patches ESXi500-201203101-SG, ESXi500-201112402-BG

ESXi 4.1 without patch ESXi410-201110202-UG

ESXi 4.0 without patch ESXi400-201110402-BG

ESX 4.1 without patch ESX410-201110201-SG

ESX 4.0 without patch ESX400-201110401-SG

Solution:
Apply the missing patch(es).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-1508
BugTraq ID: 52524
http://www.securityfocus.com/bid/52524
Bugtraq: 20120316 VMSA-2012-0004 VMware View privilege escalation and cross-site scripting (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html
http://osvdb.org/80115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17183
http://www.securitytracker.com/id?1026814
http://www.securitytracker.com/id?1026818
http://secunia.com/advisories/48378
http://secunia.com/advisories/48379
Common Vulnerability Exposure (CVE) ID: CVE-2012-1509
http://osvdb.org/80116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17151
XForce ISS Database: vmware-view-xpdm-priv-esc(74096)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74096
Common Vulnerability Exposure (CVE) ID: CVE-2012-1510
http://osvdb.org/80117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17258
XForce ISS Database: vmware-wddm-priv-esc(74097)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74097
Common Vulnerability Exposure (CVE) ID: CVE-2012-1512
BugTraq ID: 52525
http://www.securityfocus.com/bid/52525
http://osvdb.org/80119
http://www.securitytracker.com/id?1026817
http://secunia.com/advisories/48387
XForce ISS Database: vsphere-client-xss(74093)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74093
Common Vulnerability Exposure (CVE) ID: CVE-2012-1513
http://osvdb.org/80120
http://www.securitytracker.com/id?1026816
http://secunia.com/advisories/48408
XForce ISS Database: vcenter-config-tool-info-disc(74091)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74091
Common Vulnerability Exposure (CVE) ID: CVE-2012-1514
http://osvdb.org/80121
http://www.securitytracker.com/id?1026815
http://secunia.com/advisories/48409
XForce ISS Database: vshield-manager-csrf(74092)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74092
Common Vulnerability Exposure (CVE) ID: CVE-2011-3190
BugTraq ID: 49353
http://www.securityfocus.com/bid/49353
Bugtraq: 20110829 [SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure (Google Search)
http://www.securityfocus.com/archive/1/519466/100/0/threaded
Debian Security Information: DSA-2401 (Google Search)
http://www.debian.org/security/2012/dsa-2401
HPdes Security Advisory: HPSBOV02762
http://marc.info/?l=bugtraq&m=133469267822771&w=2
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02725
http://marc.info/?l=bugtraq&m=132215163318824&w=2
HPdes Security Advisory: HPSBUX02860
http://marc.info/?l=bugtraq&m=136485229118404&w=2
HPdes Security Advisory: SSRT100627
HPdes Security Advisory: SSRT100825
HPdes Security Advisory: SSRT101146
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
http://www.securitytracker.com/id?1025993
http://secunia.com/advisories/45748
http://secunia.com/advisories/48308
http://secunia.com/advisories/49094
http://secunia.com/advisories/57126
http://securityreason.com/securityalert/8362
XForce ISS Database: tomcat-ajp-security-bypass(69472)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
Common Vulnerability Exposure (CVE) ID: CVE-2011-3375
Common Vulnerability Exposure (CVE) ID: CVE-2012-0022
BugTraq ID: 51447
http://www.securityfocus.com/bid/51447
Bugtraq: 20120117 [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-01/0112.html
HPdes Security Advisory: HPSBMU02747
http://marc.info/?l=bugtraq&m=133294394108746&w=2
HPdes Security Advisory: HPSBUX02741
http://marc.info/?l=bugtraq&m=132871655717248&w=2
HPdes Security Advisory: SSRT100728
HPdes Security Advisory: SSRT100771
http://www.mandriva.com/security/advisories?name=MDVSA-2012:085
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934
RedHat Security Advisories: RHSA-2012:0074
http://rhn.redhat.com/errata/RHSA-2012-0074.html
RedHat Security Advisories: RHSA-2012:0075
http://rhn.redhat.com/errata/RHSA-2012-0075.html
RedHat Security Advisories: RHSA-2012:0076
http://rhn.redhat.com/errata/RHSA-2012-0076.html
RedHat Security Advisories: RHSA-2012:0077
http://rhn.redhat.com/errata/RHSA-2012-0077.html
RedHat Security Advisories: RHSA-2012:0078
http://rhn.redhat.com/errata/RHSA-2012-0078.html
RedHat Security Advisories: RHSA-2012:0325
http://rhn.redhat.com/errata/RHSA-2012-0325.html
RedHat Security Advisories: RHSA-2012:0345
http://rhn.redhat.com/errata/RHSA-2012-0345.html
RedHat Security Advisories: RHSA-2012:1331
http://rhn.redhat.com/errata/RHSA-2012-1331.html
http://secunia.com/advisories/48213
http://secunia.com/advisories/48549
http://secunia.com/advisories/48790
http://secunia.com/advisories/48791
http://secunia.com/advisories/50863
XForce ISS Database: apache-tomcat-parameter-dos(72425)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72425
Common Vulnerability Exposure (CVE) ID: CVE-2010-0405
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Bugtraq: 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console (Google Search)
http://www.securityfocus.com/archive/1/515055/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html
http://security.gentoo.org/glsa/glsa-201301-05.xml
http://marc.info/?l=oss-security&m=128506868510655&w=2
http://www.redhat.com/support/errata/RHSA-2010-0703.html
http://www.redhat.com/support/errata/RHSA-2010-0858.html
http://secunia.com/advisories/41452
http://secunia.com/advisories/41505
http://secunia.com/advisories/42350
http://secunia.com/advisories/42404
http://secunia.com/advisories/42405
http://secunia.com/advisories/42529
http://secunia.com/advisories/42530
SuSE Security Announcement: SUSE-SR:2010:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
http://www.ubuntu.com/usn/usn-986-1
http://www.ubuntu.com/usn/USN-986-2
http://www.ubuntu.com/usn/USN-986-3
http://www.vupen.com/english/advisories/2010/2455
http://www.vupen.com/english/advisories/2010/3043
http://www.vupen.com/english/advisories/2010/3052
http://www.vupen.com/english/advisories/2010/3073
http://www.vupen.com/english/advisories/2010/3126
http://www.vupen.com/english/advisories/2010/3127
CopyrightCopyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.