
Test ID: 1.3.6.1.4.1.25623.1.0.103627
Category: VMware Local Security Checks
Title: VMware ESXi/ESX security updates (VMSA-2012-0018)
Summary: The remote ESXi is missing one or more security related Updates from VMSA-2012-0018.
Description:
Summary:
The remote ESXi is missing one or more security related Updates from VMSA-2012-0018.

Vulnerability Insight:
a. vCenter Server Appliance directory traversal

The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an
authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose
sensitive information stored on the server.

b. vCenter Server Appliance arbitrary file download

The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an
authenticated remote user to retrieve arbitrary files. Exploitation of this issue may
expose sensitive information stored on the server.

c. Update to ESX glibc package

The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues.

Affected Software/OS:
VMware ESXi 5.1 without patch ESXi510-201212101

VMware ESXi 5.0 without patch ESXi500-201212101

Solution:
Apply the missing patch(es).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2012-6324
Common Vulnerability Exposure (CVE) ID: CVE-2012-6325
Common Vulnerability Exposure (CVE) ID: CVE-2009-5029
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
http://sourceware.org/git/?p=glibc.git;a=commit;h=97ac2654b2d831acaa18a2b018b0736245903fd2
http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-5064
http://reverse.lostrealm.com/protect/ldd.html
http://www.catonmat.net/blog/ldd-arbitrary-code-execution/
https://bugzilla.redhat.com/show_bug.cgi?id=531160
https://bugzilla.redhat.com/show_bug.cgi?id=682998
http://openwall.com/lists/oss-security/2011/03/07/10
http://openwall.com/lists/oss-security/2011/03/07/7
http://openwall.com/lists/oss-security/2011/03/08/2
http://openwall.com/lists/oss-security/2011/03/07/13
http://openwall.com/lists/oss-security/2011/03/08/1
http://openwall.com/lists/oss-security/2011/03/08/10
http://openwall.com/lists/oss-security/2011/03/08/3
http://openwall.com/lists/oss-security/2011/03/08/7
http://www.redhat.com/support/errata/RHSA-2011-1526.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-0830
BugTraq ID: 40063
http://www.securityfocus.com/bid/40063
Debian Security Information: DSA-2058
http://www.debian.org/security/2010/dsa-2058
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html
http://securitytracker.com/id?1024044
http://secunia.com/advisories/39900
SuSE Security Announcement: SUSE-SA:2010:052
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
http://www.ubuntu.com/usn/USN-944-1
http://www.vupen.com/english/advisories/2010/1246
XForce ISS Database: glibc-elf-code-execution(58915)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58915
Common Vulnerability Exposure (CVE) ID: CVE-2011-1089
BugTraq ID: 46740
http://www.securityfocus.com/bid/46740
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
http://sourceware.org/bugzilla/show_bug.cgi?id=12625
https://bugzilla.redhat.com/show_bug.cgi?id=688980
http://openwall.com/lists/oss-security/2011/03/04/11
http://openwall.com/lists/oss-security/2011/03/04/9
http://openwall.com/lists/oss-security/2011/03/04/10
http://openwall.com/lists/oss-security/2011/03/04/12
http://openwall.com/lists/oss-security/2011/03/05/3
http://openwall.com/lists/oss-security/2011/03/05/7
http://openwall.com/lists/oss-security/2011/03/07/9
http://openwall.com/lists/oss-security/2011/03/14/16
http://openwall.com/lists/oss-security/2011/03/14/5
http://openwall.com/lists/oss-security/2011/03/14/7
http://openwall.com/lists/oss-security/2011/03/15/6
http://openwall.com/lists/oss-security/2011/03/22/4
http://openwall.com/lists/oss-security/2011/03/22/6
http://openwall.com/lists/oss-security/2011/03/31/3
http://openwall.com/lists/oss-security/2011/03/31/4
http://openwall.com/lists/oss-security/2011/04/01/2
Common Vulnerability Exposure (CVE) ID: CVE-2011-4609
Common Vulnerability Exposure (CVE) ID: CVE-2012-0864
BugTraq ID: 52201
http://www.securityfocus.com/bid/52201
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
http://www.phrack.org/issues.html?issue=67&id=9#article
http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html
RedHat Security Advisories: RHSA-2012:0393
http://rhn.redhat.com/errata/RHSA-2012-0393.html
RedHat Security Advisories: RHSA-2012:0397
http://rhn.redhat.com/errata/RHSA-2012-0397.html
RedHat Security Advisories: RHSA-2012:0488
http://rhn.redhat.com/errata/RHSA-2012-0488.html
RedHat Security Advisories: RHSA-2012:0531
http://rhn.redhat.com/errata/RHSA-2012-0531.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-3404
https://security.gentoo.org/glsa/201503-04
http://www.openwall.com/lists/oss-security/2012/07/11/17
RedHat Security Advisories: RHSA-2012:1098
http://rhn.redhat.com/errata/RHSA-2012-1098.html
RedHat Security Advisories: RHSA-2012:1200
http://rhn.redhat.com/errata/RHSA-2012-1200.html
http://www.ubuntu.com/usn/USN-1589-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-3405
Common Vulnerability Exposure (CVE) ID: CVE-2012-3406
RedHat Security Advisories: RHSA-2012:1097
http://rhn.redhat.com/errata/RHSA-2012-1097.html
RedHat Security Advisories: RHSA-2012:1185
http://rhn.redhat.com/errata/RHSA-2012-1185.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-3480
BugTraq ID: 54982
http://www.securityfocus.com/bid/54982
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html
http://sourceware.org/bugzilla/show_bug.cgi?id=14459
http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html
http://www.openwall.com/lists/oss-security/2012/08/13/4
http://www.openwall.com/lists/oss-security/2012/08/13/6
http://osvdb.org/84710
RedHat Security Advisories: RHSA-2012:1207
http://rhn.redhat.com/errata/RHSA-2012-1207.html
RedHat Security Advisories: RHSA-2012:1208
http://rhn.redhat.com/errata/RHSA-2012-1208.html
RedHat Security Advisories: RHSA-2012:1262
http://rhn.redhat.com/errata/RHSA-2012-1262.html
RedHat Security Advisories: RHSA-2012:1325
http://rhn.redhat.com/errata/RHSA-2012-1325.html
http://www.securitytracker.com/id?1027374
http://secunia.com/advisories/50201
http://secunia.com/advisories/50422
Copyright: Copyright (C) 2012 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.