Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.103458
Kategorie:VMware Local Security Checks
Titel:VMware ESXi/ESX address several security issues (VMSA-2012-0006)
Zusammenfassung:The remote ESXi is missing one or more security related Updates from VMSA-2012-0006.
Beschreibung:Summary:
The remote ESXi is missing one or more security related Updates from VMSA-2012-0006.

Vulnerability Insight:
VMware ESXi and ESX address several security issues.

a. VMware ROM Overwrite Privilege Escalation

A flaw in the way port-based I/O is handled allows for modifying Read-Only
Memory that belongs to the Virtual DOS Machine. Exploitation of this issue may
lead to privilege escalation on Guest Operating Systems that run Windows 2000,
Windows XP 32-bit, Windows Server 2003 32-bit or Windows Server 2003 R2
32-bit.

b. ESX third party update for Service Console kernel

The ESX Service Console Operating System (COS) kernel is updated to
kernel-400.2.6.18-238.4.11.591731 to fix multiple security issues in the COS
kernel.

c. ESX third party update for Service Console krb5 RPM

This patch updates the krb5-libs and krb5-workstation RPMs to version
1.6.1-63.el5_7 to resolve a security issue.

Affected Software/OS:
ESXi 4.1 without patch ESXi410-201101201-SG

ESXi 4.0 without patch ESXi400-201203401-SG

ESXi 3.5 without patch ESXe350-201203401-I-SG

ESX 4.1 without patch ESX410-201101201-SG

ESX 4.0 without patches ESX400-201203401-SG, ESX400-201203407-SG

ESX 3.5 without patch ESX350-201203401-SG

Solution:
Apply the missing patch(es).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-1515
BugTraq ID: 52820
http://www.securityfocus.com/bid/52820
Cert/CC Advisory: TA12-164A
http://www.us-cert.gov/cas/techalerts/TA12-164A.html
Microsoft Security Bulletin: MS12-042
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15209
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17110
http://www.securitytracker.com/id?1026875
XForce ISS Database: vmware-esxserver-io-privilege-escalation(74480)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74480
Common Vulnerability Exposure (CVE) ID: CVE-2011-2482
http://www.openwall.com/lists/oss-security/2011/08/30/1
RedHat Security Advisories: RHSA-2011:1212
http://rhn.redhat.com/errata/RHSA-2011-1212.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-3191
http://www.openwall.com/lists/oss-security/2011/08/24/2
Common Vulnerability Exposure (CVE) ID: CVE-2011-4348
http://www.openwall.com/lists/oss-security/2012/03/05/2
Common Vulnerability Exposure (CVE) ID: CVE-2011-4862
Bugtraq: 20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862] (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
Debian Security Information: DSA-2372 (Google Search)
http://www.debian.org/security/2011/dsa-2372
Debian Security Information: DSA-2373 (Google Search)
http://www.debian.org/security/2011/dsa-2373
Debian Security Information: DSA-2375 (Google Search)
http://www.debian.org/security/2011/dsa-2375
http://www.exploit-db.com/exploits/18280/
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html
FreeBSD Security Advisory: FreeBSD-SA-11:08
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
http://www.mandriva.com/security/advisories?name=MDVSA-2011:195
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html
http://osvdb.org/78020
http://www.redhat.com/support/errata/RHSA-2011-1851.html
http://www.redhat.com/support/errata/RHSA-2011-1852.html
http://www.redhat.com/support/errata/RHSA-2011-1853.html
http://www.redhat.com/support/errata/RHSA-2011-1854.html
http://www.securitytracker.com/id?1026460
http://www.securitytracker.com/id?1026463
http://secunia.com/advisories/46239
http://secunia.com/advisories/47341
http://secunia.com/advisories/47348
http://secunia.com/advisories/47357
http://secunia.com/advisories/47359
http://secunia.com/advisories/47373
http://secunia.com/advisories/47374
http://secunia.com/advisories/47397
http://secunia.com/advisories/47399
http://secunia.com/advisories/47441
SuSE Security Announcement: SUSE-SU-2012:0010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
SuSE Security Announcement: SUSE-SU-2012:0018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
SuSE Security Announcement: SUSE-SU-2012:0024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html
SuSE Security Announcement: SUSE-SU-2012:0042 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
SuSE Security Announcement: SUSE-SU-2012:0050 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
SuSE Security Announcement: SUSE-SU-2012:0056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html
SuSE Security Announcement: openSUSE-SU-2012:0019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
SuSE Security Announcement: openSUSE-SU-2012:0051 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
XForce ISS Database: multiple-telnetd-bo(71970)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71970
CopyrightCopyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.