Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.103655
Kategorie:VMware Local Security Checks
Titel:VMware ESXi/ESX security updates for the authentication service and third party libraries (VMSA-2013-0001)
Zusammenfassung:The remote ESXi is missing one or more security related Updates from VMSA-2013-0001.
Beschreibung:Summary:
The remote ESXi is missing one or more security related Updates from VMSA-2013-0001.

Vulnerability Insight:
a. VMware vSphere client-side authentication memory corruption vulnerability

VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the
handling of the management authentication protocol. To exploit this
vulnerability, an attacker must convince either vCenter Server,
vSphere Client or ESX to interact with a malicious server as a
client. Exploitation of the issue may lead to code execution on the client
system.

To reduce the likelihood of exploitation, vSphere components should be
deployed on an isolated management network.

b. Update to ESX/ESXi libxml2 userworld and service console

The ESX/ESXi userworld libxml2 library has been updated to resolve
multiple security issues. Also, the ESX service console libxml2
packages are updated to the following versions:

libxml2-2.6.26-2.1.15.el5_8.5

libxml2-python-2.6.26-2.1.15.el5_8.5

c. Update to ESX service console bind packages

The ESX service console bind packages are updated to the following versions:

bind-libs-9.3.6-20.P1.el5_8.2

bind-utils-9.3.6-20.P1.el5_8.2

d. Update to ESX service console libxslt package

The ESX service console libxslt package is updated to version
libxslt-1.1.17-4.el5_8.3 to resolve multiple security issues.

Affected Software/OS:
ESXi 4.1 without patch ESXi410-201301401-SG

ESXi 4.0 without patches ESXi400-201302401-SG and ESXi400-201302403-SG

ESX 4.1 without patches ESX410-201301401-SG, ESX410-201301402-SG, ESX410-201301403-SG and ESX410-201301405-SG

Solution:
Apply the missing patch(es).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-1405
Common Vulnerability Exposure (CVE) ID: CVE-2011-3102
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
BugTraq ID: 53540
http://www.securityfocus.com/bid/53540
Debian Security Information: DSA-2479 (Google Search)
http://www.debian.org/security/2012/dsa-2479
http://www.mandriva.com/security/advisories?name=MDVSA-2012:098
http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
RedHat Security Advisories: RHSA-2013:0217
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://www.securitytracker.com/id?1027067
http://secunia.com/advisories/49243
http://secunia.com/advisories/50658
http://secunia.com/advisories/54886
http://secunia.com/advisories/55568
SuSE Security Announcement: SUSE-SU-2013:1627 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
SuSE Security Announcement: openSUSE-SU-2012:0656 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html
SuSE Security Announcement: openSUSE-SU-2012:0731 (Google Search)
https://lists.opensuse.org/opensuse-updates/2012-06/msg00011.html
XForce ISS Database: google-chrome-libxml-code-exec(75607)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75607
Common Vulnerability Exposure (CVE) ID: CVE-2012-2807
BugTraq ID: 54718
http://www.securityfocus.com/bid/54718
Debian Security Information: DSA-2521 (Google Search)
http://www.debian.org/security/2012/dsa-2521
http://www.mandriva.com/security/advisories?name=MDVSA-2012:126
http://secunia.com/advisories/50800
SuSE Security Announcement: openSUSE-SU-2012:0813 (Google Search)
https://hermes.opensuse.org/messages/15075728
SuSE Security Announcement: openSUSE-SU-2012:0975 (Google Search)
https://hermes.opensuse.org/messages/15375990
http://www.ubuntu.com/usn/USN-1587-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-4244
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
BugTraq ID: 55522
http://www.securityfocus.com/bid/55522
Debian Security Information: DSA-2547 (Google Search)
http://www.debian.org/security/2012/dsa-2547
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087703.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088381.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087697.html
HPdes Security Advisory: HPSBOV03226
http://marc.info/?l=bugtraq&m=141879471518471&w=2
HPdes Security Advisory: SSRT101004
http://www.mandriva.com/security/advisories?name=MDVSA-2012:152
RedHat Security Advisories: RHSA-2012:1266
http://rhn.redhat.com/errata/RHSA-2012-1266.html
RedHat Security Advisories: RHSA-2012:1267
http://rhn.redhat.com/errata/RHSA-2012-1267.html
RedHat Security Advisories: RHSA-2012:1268
http://rhn.redhat.com/errata/RHSA-2012-1268.html
RedHat Security Advisories: RHSA-2012:1365
http://rhn.redhat.com/errata/RHSA-2012-1365.html
http://secunia.com/advisories/50560
http://secunia.com/advisories/50579
http://secunia.com/advisories/50582
http://secunia.com/advisories/50645
http://secunia.com/advisories/50673
http://secunia.com/advisories/51096
SuSE Security Announcement: SUSE-SU-2012:1199 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00022.html
SuSE Security Announcement: SUSE-SU-2012:1333 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00007.html
SuSE Security Announcement: openSUSE-SU-2012:1192 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00021.html
http://www.ubuntu.com/usn/USN-1566-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-1202
BugTraq ID: 46785
http://www.securityfocus.com/bid/46785
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244
http://www.vupen.com/english/advisories/2011/0628
XForce ISS Database: google-xslt-info-disclosure(65966)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65966
Common Vulnerability Exposure (CVE) ID: CVE-2011-3970
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818
SuSE Security Announcement: SUSE-SU-2013:1654 (Google Search)
https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
SuSE Security Announcement: SUSE-SU-2013:1656 (Google Search)
https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-2825
Common Vulnerability Exposure (CVE) ID: CVE-2012-2870
Debian Security Information: DSA-2555 (Google Search)
http://www.debian.org/security/2012/dsa-2555
http://secunia.com/advisories/50838
SuSE Security Announcement: openSUSE-SU-2012:1215 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-2871
XForce ISS Database: chrome-xsl-transforms-code-exec(78179)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78179
CopyrightCopyright (C) 2013 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.