Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.103609
Kategorie:VMware Local Security Checks
Titel:VMware ESXi/ESX security updates (VMSA-2012-0016)
Zusammenfassung:The remote ESXi is missing one or more security related Updates from VMSA-2012-0016.
Beschreibung:Summary:
The remote ESXi is missing one or more security related Updates from VMSA-2012-0016.

Vulnerability Insight:
VMware has updated the vSphere API to address a denial of service vulnerability
in ESX and ESXi. VMware has also updated the ESX Service Console to include several open source security updates.

a. VMware vSphere API denial of service vulnerability

The VMware vSphere API contains a denial of service vulnerability. This issue
allows an unauthenticated user to send a maliciously crafted API request and
disable the host daemon. Exploitation of the issue would prevent management
activities on the host but any virtual machines running on the host would be
unaffected.

b. VMware vSphere API denial of service vulnerability

The ESX service console bind packages are updated to the following versions:

bind-libs-9.3.6-20.P1.el5_8.2

bind-utils-9.3.6-20.P1.el5_8.2

These updates fix multiple security issues.

c. Update to ESX service console python packages

The ESX service console Python packages are updated to the following versions:

python-2.4.3-46.el5_8.2.x86_64

python-libs-2.4.3-46.el5_8.2.x86_64

These updates fix multiple security issues.

d. Update to ESX service console expat package

The ESX service console expat package is updated to expat-1.95.8-11.el5_8.

This update fixes multiple security issues.

e. Update to ESX service console nspr and nss packages

This patch updates the ESX service console Netscape Portable Runtime and
Network Security Services RPMs to versions nspr-4.9.1.4.el5_8 and
nss-3.13.5.4.9834, respectively, to resolve multiple security issues.

Affected Software/OS:
VMware ESXi 4.1 without patch ESXi410-201211401-SG

VMware ESX 4.1 without patches ESX410-201211401-SG, ESX410-201211402-SG, ESX410-201211405-SG, and ESX410-201211407-SG

Solution:
Apply the missing patch(es).

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-5703
BugTraq ID: 56571
http://www.securityfocus.com/bid/56571
http://www.coresecurity.com/content/vmware-esx-input-validation-error
http://www.securitytracker.com/id?1027782
Common Vulnerability Exposure (CVE) ID: CVE-2012-1033
BugTraq ID: 51898
http://www.securityfocus.com/bid/51898
CERT/CC vulnerability note: VU#542123
http://www.kb.cert.org/vuls/id/542123
HPdes Security Advisory: HPSBUX02835
http://marc.info/?l=bugtraq&m=135638082529878&w=2
HPdes Security Advisory: SSRT100763
http://osvdb.org/78916
RedHat Security Advisories: RHSA-2012:0717
http://rhn.redhat.com/errata/RHSA-2012-0717.html
http://www.securitytracker.com/id?1026647
http://secunia.com/advisories/47884
SuSE Security Announcement: openSUSE-SU-2012:0863 (Google Search)
https://hermes.opensuse.org/messages/15136456
SuSE Security Announcement: openSUSE-SU-2012:0864 (Google Search)
https://hermes.opensuse.org/messages/15136477
XForce ISS Database: isc-bind-update-sec-bypass(73053)
https://exchange.xforce.ibmcloud.com/vulnerabilities/73053
Common Vulnerability Exposure (CVE) ID: CVE-2012-1667
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
BugTraq ID: 53772
http://www.securityfocus.com/bid/53772
CERT/CC vulnerability note: VU#381699
http://www.kb.cert.org/vuls/id/381699
Debian Security Information: DSA-2486 (Google Search)
http://www.debian.org/security/2012/dsa-2486
HPdes Security Advisory: HPSBUX02795
http://marc.info/?l=bugtraq&m=134132772016230&w=2
HPdes Security Advisory: SSRT100878
http://www.mandriva.com/security/advisories?name=MDVSA-2012:089
RedHat Security Advisories: RHSA-2012:1110
http://rhn.redhat.com/errata/RHSA-2012-1110.html
http://secunia.com/advisories/51096
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004
SuSE Security Announcement: SUSE-SU-2012:0741 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00010.html
SuSE Security Announcement: openSUSE-SU-2012:0722 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-3817
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Debian Security Information: DSA-2517 (Google Search)
http://www.debian.org/security/2012/dsa-2517
RedHat Security Advisories: RHSA-2012:1122
http://rhn.redhat.com/errata/RHSA-2012-1122.html
RedHat Security Advisories: RHSA-2012:1123
http://rhn.redhat.com/errata/RHSA-2012-1123.html
http://www.securitytracker.com/id?1027296
SuSE Security Announcement: openSUSE-SU-2012:0969 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-08/msg00013.html
SuSE Security Announcement: openSUSE-SU-2012:0971 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-08/msg00015.html
http://www.ubuntu.com/usn/USN-1518-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-4940
BugTraq ID: 54083
http://www.securityfocus.com/bid/54083
http://jvn.jp/en/jp/JVN51176027/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063
http://secunia.com/advisories/50858
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
http://www.ubuntu.com/usn/USN-1592-1
http://www.ubuntu.com/usn/USN-1596-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
Common Vulnerability Exposure (CVE) ID: CVE-2011-4944
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555
https://bugzilla.redhat.com/show_bug.cgi?id=758905
http://www.openwall.com/lists/oss-security/2012/03/27/2
http://www.openwall.com/lists/oss-security/2012/03/27/10
http://www.openwall.com/lists/oss-security/2012/03/27/5
http://secunia.com/advisories/51087
http://secunia.com/advisories/51089
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://www.ubuntu.com/usn/USN-1615-1
http://www.ubuntu.com/usn/USN-1616-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-1150
http://www.openwall.com/lists/oss-security/2012/03/10/3
http://mail.python.org/pipermail/python-dev/2011-December/115116.html
http://mail.python.org/pipermail/python-dev/2012-January/115892.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-0876
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
BugTraq ID: 52379
http://www.securityfocus.com/bid/52379
Debian Security Information: DSA-2525 (Google Search)
http://www.debian.org/security/2012/dsa-2525
http://www.mandriva.com/security/advisories?name=MDVSA-2012:041
http://bugs.python.org/issue13703#msg151870
http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html
RedHat Security Advisories: RHSA-2012:0731
http://rhn.redhat.com/errata/RHSA-2012-0731.html
RedHat Security Advisories: RHSA-2016:0062
http://rhn.redhat.com/errata/RHSA-2016-0062.html
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://secunia.com/advisories/49504
http://www.ubuntu.com/usn/USN-1527-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-1148
http://www.securitytracker.com/id/1034344
Common Vulnerability Exposure (CVE) ID: CVE-2012-0441
BugTraq ID: 53798
http://www.securityfocus.com/bid/53798
Debian Security Information: DSA-2490 (Google Search)
http://www.debian.org/security/2012/dsa-2490
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701
http://secunia.com/advisories/49976
http://secunia.com/advisories/50316
SuSE Security Announcement: SUSE-SU-2012:0746 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
SuSE Security Announcement: openSUSE-SU-2012:0760 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
http://www.ubuntu.com/usn/USN-1540-1
http://www.ubuntu.com/usn/USN-1540-2
CopyrightCopyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.