Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.103467
Kategorie:VMware Local Security Checks
Titel:VMware ESXi/ESX patches resolve multiple security issues (VMSA-2010-0007)
Zusammenfassung:The remote ESXi is missing one or more security related Updates from VMSA-2010-0007.
Beschreibung:Summary:
The remote ESXi is missing one or more security related Updates from VMSA-2010-0007.

Vulnerability Insight:
VMware hosted products, vCenter Server and ESX patches resolve multiple security issues:

a. Windows-based VMware Tools Unsafe Library Loading vulnerability

A vulnerability in the way VMware libraries are referenced allows for arbitrary code execution in the context of the logged on user.
This vulnerability is present only on Windows Guest Operating Systems.

b. Windows-based VMware Tools Arbitrary Code Execution vulnerability

A vulnerability in the way VMware executables are loaded allows for arbitrary code execution in the context of the logged on user.
This vulnerability is present only on Windows Guest Operating Systems.

c. Windows-based VMware Workstation and Player host privilege escalation

A vulnerability in the USB service allows for a privilege escalation. A local attacker on the host of a Windows-based Operating
System where VMware Workstation or VMware Player is installed could plant a malicious executable on the host and elevate their
privileges.

d. Third party library update for libpng to version 1.2.37

The libpng libraries through 1.2.35 contain an uninitialized-memory-read bug that may have security implications. Specifically,
1-bit (2-color) interlaced images whose widths are not divisible by 8 may result in several uninitialized bits at the end of
certain rows in certain interlace passes being returned to the user. An application that failed to mask these out-of-bounds
pixels might display or process them, albeit presumably with benign results in most cases.

e. VMware VMnc Codec heap overflow vulnerabilities

f. VMware Remote Console format string vulnerability

VMware Remote Console (VMrc) contains a format string vulnerability. Exploitation of this issue may lead to arbitrary code execution on
the system where VMrc is installed.

Under the following two conditions your version of VMrc is likely to be affected:

- the VMrc plug-in was obtained from vCenter 4.0 or from ESX 4.0 without patch ESX400-200911223-UG and

- VMrc is installed on a Windows-based system

g. Windows-based VMware authd remote denial of service

A vulnerability in vmware-authd could cause a denial of service condition on Windows-based hosts. The denial of service is limited
to a crash of authd.

h. Potential information leak via hosted networking stack

A vulnerability in the virtual networking stack of VMware hosted products could allow host information disclosure.

i. Linux-based vmrun format string vulnerability

A format string vulnerability in vmrun could allow arbitrary code execution.

Vulnerability Impact:
a. Windows-based VMware Tools Unsafe Library Loading vulnerability

In order for an attacker to exploit the vulnerability, the attacker would need to lure the user that is logged on a Windows Guest
Operating System to click on the attacker's file on a network share. This file could be in any file format. The attacker will need
to have the ability to host their malicious files on a network share.

b. Windows-based VMware Tools Arbitrary Code Execution vulnerability

In order for an attacker to exploit the vulnerability, the attacker would need to be able to plant their malicious executable in a
certain location on the Virtual Machine of the user. On most recent versions of Windows (XP, Vista) the attacker would need to have
administrator privileges to plant the malicious executable in the right location.

c. Windows-based VMware Workstation and Player host privilege escalation

In order for an attacker to exploit the vulnerability, the attacker would need to be able to plant their malicious executable in a
certain location on the host machine. On most recent versions of Windows (XP, Vista) the attacker would need to have administrator
privileges to plant the malicious executable in the right location.

e. VMware VMnc Codec heap overflow vulnerabilities

Vulnerabilities in the decoder allow for execution of arbitrary code with the privileges of the user running an application
utilizing the vulnerable codec.

For an attack to be successful the user must be tricked into visiting a malicious web page or opening a malicious video file on
a system that has the vulnerable version of the VMnc codec installed.

f. VMware Remote Console format string vulnerability

For an attack to be successful, an attacker would need to trick the VMrc user into opening a malicious Web page or following a malicious
URL. Code execution would be at the privilege level of the user.

h. Potential information leak via hosted networking stack

A guest operating system could send memory from the host vmware-vmx process to the virtual network adapter and potentially to the
host's physical Ethernet wire.

i. Linux-based vmrun format string vulnerability

If a vmrun command is issued and processes are listed, code could be executed in the context of the user listing the processes.

Affected Software/OS:
VMware ESXi 4.0 before patch ESXi400-201002402-BG

VMware ESXi 3.5 before patch ESXe350-200912401-T-BG

VMware ESX 4.0 without patches ESX400-201002401-BG, ESX400-200911223-UG

VMware ESX 3.5 without patch ESX350-200912401-BG

VMware ESX 3.0.3 without patch ESX303-201002203-UG

VMware ESX 2.5.5 without Upgrade Patch 15

Solution:
Apply the missing patch(es).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-1142
BugTraq ID: 39394
http://www.securityfocus.com/bid/39394
Bugtraq: 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt
http://lists.vmware.com/pipermail/security-announce/2010/000090.html
http://www.securitytracker.com/id?1023832
http://www.securitytracker.com/id?1023833
http://secunia.com/advisories/39198
http://secunia.com/advisories/39206
Common Vulnerability Exposure (CVE) ID: CVE-2010-1140
BugTraq ID: 39397
http://www.securityfocus.com/bid/39397
http://securitytracker.com/id?1023834
Common Vulnerability Exposure (CVE) ID: CVE-2009-2042
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 35233
http://www.securityfocus.com/bid/35233
Debian Security Information: DSA-2032 (Google Search)
http://www.debian.org/security/2010/dsa-2032
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00218.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00630.html
http://security.gentoo.org/glsa/glsa-200906-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:063
http://secunia.com/advisories/35346
http://secunia.com/advisories/35470
http://secunia.com/advisories/35524
http://secunia.com/advisories/35594
http://secunia.com/advisories/39215
http://secunia.com/advisories/39251
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.551809
http://ubuntu.com/usn/usn-913-1
http://www.vupen.com/english/advisories/2009/1510
http://www.vupen.com/english/advisories/2010/0637
http://www.vupen.com/english/advisories/2010/0682
http://www.vupen.com/english/advisories/2010/0847
XForce ISS Database: libpng-interlaced-image-info-disclosure(50966)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50966
Common Vulnerability Exposure (CVE) ID: CVE-2009-1564
BugTraq ID: 39363
http://www.securityfocus.com/bid/39363
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866
http://secunia.com/secunia_research/2009-36/
http://osvdb.org/63614
http://www.securitytracker.com/id?1023838
http://secunia.com/advisories/36712
Common Vulnerability Exposure (CVE) ID: CVE-2009-1565
BugTraq ID: 39364
http://www.securityfocus.com/bid/39364
http://secunia.com/secunia_research/2009-37/
http://www.osvdb.org/63615
Common Vulnerability Exposure (CVE) ID: CVE-2009-3732
http://secunia.com/advisories/39110
Common Vulnerability Exposure (CVE) ID: CVE-2009-3707
BugTraq ID: 36630
http://www.securityfocus.com/bid/36630
http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt
http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php
http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html
http://securitytracker.com/id?1022997
http://secunia.com/advisories/36988
Common Vulnerability Exposure (CVE) ID: CVE-2010-1138
BugTraq ID: 39395
http://www.securityfocus.com/bid/39395
http://osvdb.org/63607
http://www.securitytracker.com/id?1023836
http://secunia.com/advisories/39203
Common Vulnerability Exposure (CVE) ID: CVE-2010-1139
BugTraq ID: 39407
http://www.securityfocus.com/bid/39407
http://osvdb.org/63606
http://www.securitytracker.com/id?1023835
http://secunia.com/advisories/39201
Common Vulnerability Exposure (CVE) ID: CVE-2010-1141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020
CopyrightCopyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.