Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.103915
Kategorie:VMware Local Security Checks
Titel:VMware ESXi/ESX updates to third party libraries (VMSA-2014-0002)
Zusammenfassung:VMware has updated vSphere third party libraries.
Beschreibung:Summary:
VMware has updated vSphere third party libraries.

Vulnerability Insight:
a. DDoS vulnerability in NTP third party libraries

The NTP daemon has a DDoS vulnerability in the handling of the
'monlist' command. An attacker may send a forged request to a
vulnerable NTP server resulting in an amplified response to the
intended target of the DDoS attack.

b. Update to ESXi glibc package

The ESXi glibc package is updated to version glibc-2.5-118.el5_10.2 to
resolve a security issue.

c. vCenter and Update Manager, Oracle JRE 1.7 Update 45

Oracle JRE is updated to version JRE 1.7 Update 45, which addresses
multiple security issues that existed in earlier releases of Oracle JRE.

Affected Software/OS:
VMware ESXi 5.5 without patch ESXi550-201403101-SG

VMware ESXi 5.1 without patch ESXi510-201404101-SG

VMware ESXi 5.0 without patch ESXi500-201405101-SG

VMware ESXi 4.1 without patch ESXi410-201404401-SG

VMware ESXi 4.0 without patch ESXi400-201404401-SG

Solution:
Apply the missing patch(es).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-5211
BugTraq ID: 64692
http://www.securityfocus.com/bid/64692
Cert/CC Advisory: TA14-013A
http://www.us-cert.gov/ncas/alerts/TA14-013A
CERT/CC vulnerability note: VU#348126
http://www.kb.cert.org/vuls/id/348126
HPdes Security Advisory: HPSBOV03505
http://marc.info/?l=bugtraq&m=144182594518755&w=2
HPdes Security Advisory: HPSBUX02960
http://marc.info/?l=bugtraq&m=138971294629419&w=2
HPdes Security Advisory: SSRT101419
http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04
http://openwall.com/lists/oss-security/2013/12/30/6
http://openwall.com/lists/oss-security/2013/12/30/7
http://lists.ntp.org/pipermail/pool/2011-December/005616.html
http://www.securitytracker.com/id/1030433
http://secunia.com/advisories/59288
http://secunia.com/advisories/59726
SuSE Security Announcement: openSUSE-SU-2014:1149 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4332
BugTraq ID: 62324
http://www.securityfocus.com/bid/62324
https://security.gentoo.org/glsa/201503-04
http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
http://www.mandriva.com/security/advisories?name=MDVSA-2013:284
http://www.openwall.com/lists/oss-security/2013/09/12/6
RedHat Security Advisories: RHSA-2013:1411
http://rhn.redhat.com/errata/RHSA-2013-1411.html
RedHat Security Advisories: RHSA-2013:1605
http://rhn.redhat.com/errata/RHSA-2013-1605.html
http://secunia.com/advisories/55113
http://www.ubuntu.com/usn/USN-1991-1
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.