Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.105393
Kategorie:VMware Local Security Checks
Titel:VMware ESXi OpenSLP Remote Code Execution (VMSA-2015-0007)
Zusammenfassung:VMware vCenter and ESXi updates address critical security issues.
Beschreibung:Summary:
VMware vCenter and ESXi updates address critical security issues.

Vulnerability Insight:
- VMware ESXi OpenSLP Remote Code Execution

VMware ESXi contains a double free flaw in OpenSLP's SLPDProcessMessage() function. Exploitation of
this issue may allow an unauthenticated attacker to execute code remotely on the ESXi host.

- VMware vCenter Server JMX RMI Remote Code Execution

VMware vCenter Server contains a remotely accessible JMX RMI service that is not securely configured.
An unauthenticated remote attacker that is able to connect to the service may be able use it to execute
arbitrary code on the vCenter server.

- VMware vCenter Server vpxd denial-of-service vulnerability

VMware vCenter Server does not properly sanitize long heartbeat messages. Exploitation of this issue may
allow an unauthenticated attacker to create a denial-of-service condition in the vpxd service.

Affected Software/OS:
VMware ESXi 5.5 without patch ESXi550-201509101

VMware ESXi 5.1 without patch ESXi510-201510101

VMware ESXi 5.0 without patch ESXi500-201510101

Solution:
Apply the missing patch(es).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-5177
BugTraq ID: 76635
http://www.securityfocus.com/bid/76635
Debian Security Information: DSA-3353 (Google Search)
https://www.debian.org/security/2015/dsa-3353
http://www.securitytracker.com/id/1033719
Common Vulnerability Exposure (CVE) ID: CVE-2015-2342
BugTraq ID: 76930
http://www.securityfocus.com/bid/76930
http://seclists.org/fulldisclosure/2015/Oct/1
http://www.zerodayinitiative.com/advisories/ZDI-15-455
https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution/
http://www.securitytracker.com/id/1033720
Common Vulnerability Exposure (CVE) ID: CVE-2015-1047
BugTraq ID: 76932
http://www.securityfocus.com/bid/76932
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.