Test Kennung:	1.3.6.1.4.1.25623.1.0.103453
Kategorie:	VMware Local Security Checks
Titel:	VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm (VMSA-2011-0004.3)
Zusammenfassung:	The remote ESXi is missing one or more security related Updates from VMSA-2011-0004.3.
Beschreibung:	Summary: The remote ESXi is missing one or more security related Updates from VMSA-2011-0004.3. Vulnerability Insight: Service Location Protocol daemon (SLPD) denial of service issue and ESX 4.0 Service Console OS (COS) updates for bind, pam, and rpm. a. Service Location Protocol daemon DoS This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD). b. Service Console update for bind This patch updates the bind-libs and bind-utils RPMs to version 9.3.6-4.P1.el5_5.3, which resolves multiple security issues. c. Service Console update for pam This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw, which resolves multiple security issues with PAM modules. d. Service Console update for rpm, rpm-libs, rpm-python, and popt This patch updates rpm, rpm-libs, and rpm-python RPMs to 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1, which resolves a security issue. Vulnerability Impact: a. Service Location Protocol daemon DoS Exploitation of this vulnerability could cause SLPD to consume significant CPU resources. Affected Software/OS: VMware ESXi 4.1 without patch ESXi410-201101201-SG VMware ESXi 4.0 without patch ESXi400-201103401-SG VMware ESX 4.1 without patches ESX410-201101201-SG, ESX410-201104407-SG and ESX410-201110207-SG VMware ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103404-SG, ESX400-201103406-SG and ESX400-201103407-SG Solution: Apply the missing patch(es). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3613 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 45133 http://www.securityfocus.com/bid/45133 Bugtraq: 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. (Google Search) http://www.securityfocus.com/archive/1/516909/100/0/threaded CERT/CC vulnerability note: VU#706148 http://www.kb.cert.org/vuls/id/706148 Debian Security Information: DSA-2130 (Google Search) http://www.debian.org/security/2010/dsa-2130 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html HPdes Security Advisory: HPSBUX02655 http://marc.info/?l=bugtraq&m=130270720601677&w=2 HPdes Security Advisory: SSRT100353 http://www.mandriva.com/security/advisories?name=MDVSA-2010:253 http://lists.vmware.com/pipermail/security-announce/2011/000126.html NETBSD Security Advisory: NetBSD-SA2011-001 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc http://www.osvdb.org/69558 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601 http://www.redhat.com/support/errata/RHSA-2010-0975.html http://www.redhat.com/support/errata/RHSA-2010-0976.html http://www.redhat.com/support/errata/RHSA-2010-1000.html http://securitytracker.com/id?1024817 http://secunia.com/advisories/42374 http://secunia.com/advisories/42459 http://secunia.com/advisories/42522 http://secunia.com/advisories/42671 http://secunia.com/advisories/42707 http://secunia.com/advisories/43141 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190 http://www.ubuntu.com/usn/USN-1025-1 http://www.vupen.com/english/advisories/2010/3102 http://www.vupen.com/english/advisories/2010/3103 http://www.vupen.com/english/advisories/2010/3138 http://www.vupen.com/english/advisories/2010/3139 http://www.vupen.com/english/advisories/2010/3140 http://www.vupen.com/english/advisories/2011/0267 http://www.vupen.com/english/advisories/2011/0606 Common Vulnerability Exposure (CVE) ID: CVE-2010-3614 BugTraq ID: 45137 http://www.securityfocus.com/bid/45137 CERT/CC vulnerability note: VU#837744 http://www.kb.cert.org/vuls/id/837744 http://www.osvdb.org/69559 http://secunia.com/advisories/42435 Common Vulnerability Exposure (CVE) ID: CVE-2010-3762 BugTraq ID: 45385 http://www.securityfocus.com/bid/45385 Common Vulnerability Exposure (CVE) ID: CVE-2010-3316 http://security.gentoo.org/glsa/glsa-201206-31.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:220 https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663 http://openwall.com/lists/oss-security/2010/08/16/2 http://openwall.com/lists/oss-security/2010/09/21/3 http://openwall.com/lists/oss-security/2010/09/21/8 http://www.openwall.com/lists/oss-security/2010/09/24/2 http://openwall.com/lists/oss-security/2010/09/27/4 http://openwall.com/lists/oss-security/2010/09/27/5 http://openwall.com/lists/oss-security/2010/09/27/10 http://openwall.com/lists/oss-security/2010/09/27/7 http://openwall.com/lists/oss-security/2010/10/25/2 http://www.redhat.com/support/errata/RHSA-2010-0819.html http://www.redhat.com/support/errata/RHSA-2010-0891.html http://secunia.com/advisories/49711 Common Vulnerability Exposure (CVE) ID: CVE-2010-3435 http://openwall.com/lists/oss-security/2010/09/27/8 Common Vulnerability Exposure (CVE) ID: CVE-2010-3853 Common Vulnerability Exposure (CVE) ID: CVE-2010-2059 http://www.mandriva.com/security/advisories?name=MDVSA-2010:180 http://www.openwall.com/lists/oss-security/2010/06/02/2 http://www.openwall.com/lists/oss-security/2010/06/02/3 http://marc.info/?l=oss-security&m=127559059928131&w=2 http://www.openwall.com/lists/oss-security/2010/06/03/5 http://www.openwall.com/lists/oss-security/2010/06/04/1 http://www.osvdb.org/65143 http://www.redhat.com/support/errata/RHSA-2010-0679.html http://secunia.com/advisories/40028 SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2010-3609 BugTraq ID: 46772 http://www.securityfocus.com/bid/46772 CERT/CC vulnerability note: VU#393783 http://www.kb.cert.org/vuls/id/393783 https://security.gentoo.org/glsa/201707-05 http://www.mandriva.com/security/advisories?name=MDVSA-2012:141 http://www.mandriva.com/security/advisories?name=MDVSA-2013:111 http://www.osvdb.org/71019 http://securitytracker.com/id?1025168 http://secunia.com/advisories/43601 http://secunia.com/advisories/43742 http://securityreason.com/securityalert/8127 http://www.vupen.com/english/advisories/2011/0729 XForce ISS Database: vmware-esxserver-slpd-dos(65931) https://exchange.xforce.ibmcloud.com/vulnerabilities/65931
Copyright	Copyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.