Test Kennung:	1.3.6.1.4.1.25623.1.0.103458
Kategorie:	VMware Local Security Checks
Titel:	VMware ESXi/ESX address several security issues (VMSA-2012-0006)
Zusammenfassung:	The remote ESXi is missing one or more security related Updates from VMSA-2012-0006.
Beschreibung:	Summary: The remote ESXi is missing one or more security related Updates from VMSA-2012-0006. Vulnerability Insight: VMware ESXi and ESX address several security issues. a. VMware ROM Overwrite Privilege Escalation A flaw in the way port-based I/O is handled allows for modifying Read-Only Memory that belongs to the Virtual DOS Machine. Exploitation of this issue may lead to privilege escalation on Guest Operating Systems that run Windows 2000, Windows XP 32-bit, Windows Server 2003 32-bit or Windows Server 2003 R2 32-bit. b. ESX third party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-400.2.6.18-238.4.11.591731 to fix multiple security issues in the COS kernel. c. ESX third party update for Service Console krb5 RPM This patch updates the krb5-libs and krb5-workstation RPMs to version 1.6.1-63.el5_7 to resolve a security issue. Affected Software/OS: ESXi 4.1 without patch ESXi410-201101201-SG ESXi 4.0 without patch ESXi400-201203401-SG ESXi 3.5 without patch ESXe350-201203401-I-SG ESX 4.1 without patch ESX410-201101201-SG ESX 4.0 without patches ESX400-201203401-SG, ESX400-201203407-SG ESX 3.5 without patch ESX350-201203401-SG Solution: Apply the missing patch(es). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1515 BugTraq ID: 52820 http://www.securityfocus.com/bid/52820 Cert/CC Advisory: TA12-164A http://www.us-cert.gov/cas/techalerts/TA12-164A.html Microsoft Security Bulletin: MS12-042 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15209 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17110 http://www.securitytracker.com/id?1026875 XForce ISS Database: vmware-esxserver-io-privilege-escalation(74480) https://exchange.xforce.ibmcloud.com/vulnerabilities/74480 Common Vulnerability Exposure (CVE) ID: CVE-2011-2482 RHSA-2011:1212 http://rhn.redhat.com/errata/RHSA-2011-1212.html [oss-security] 20110830 kernel: CVE-2011-2482/2519 http://www.openwall.com/lists/oss-security/2011/08/30/1 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ea2bc483ff5caada7c4aa0d5fbf87d3a6590273d https://bugzilla.redhat.com/show_bug.cgi?id=714867 https://github.com/torvalds/linux/commit/ea2bc483ff5caada7c4aa0d5fbf87d3a6590273d Common Vulnerability Exposure (CVE) ID: CVE-2011-3191 [oss-security] 20110824 Re: CVE request: kernel: cifs: singedness issue in CIFSFindNext() http://www.openwall.com/lists/oss-security/2011/08/24/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9438fabb73eb48055b58b89fc51e0bc4db22fabd http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 https://bugzilla.redhat.com/show_bug.cgi?id=732869 https://github.com/torvalds/linux/commit/9438fabb73eb48055b58b89fc51e0bc4db22fabd Common Vulnerability Exposure (CVE) ID: CVE-2011-4348 [oss-security] 20120305 CVE-2011-4348 kernel: incomplete fix for CVE-2011-2482 http://www.openwall.com/lists/oss-security/2012/03/05/2 http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ae53b5bd77719fed58086c5be60ce4f22bffe1c6 https://bugzilla.redhat.com/show_bug.cgi?id=757143 https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6 Common Vulnerability Exposure (CVE) ID: CVE-2011-4862 Bugtraq: 20111226 MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862] (Google Search) http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html Debian Security Information: DSA-2372 (Google Search) http://www.debian.org/security/2011/dsa-2372 Debian Security Information: DSA-2373 (Google Search) http://www.debian.org/security/2011/dsa-2373 Debian Security Information: DSA-2375 (Google Search) http://www.debian.org/security/2011/dsa-2375 http://www.exploit-db.com/exploits/18280/ http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html FreeBSD Security Advisory: FreeBSD-SA-11:08 http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc http://www.mandriva.com/security/advisories?name=MDVSA-2011:195 http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html http://osvdb.org/78020 http://www.redhat.com/support/errata/RHSA-2011-1851.html http://www.redhat.com/support/errata/RHSA-2011-1852.html http://www.redhat.com/support/errata/RHSA-2011-1853.html http://www.redhat.com/support/errata/RHSA-2011-1854.html http://www.securitytracker.com/id?1026460 http://www.securitytracker.com/id?1026463 http://secunia.com/advisories/46239 http://secunia.com/advisories/47341 http://secunia.com/advisories/47348 http://secunia.com/advisories/47357 http://secunia.com/advisories/47359 http://secunia.com/advisories/47373 http://secunia.com/advisories/47374 http://secunia.com/advisories/47397 http://secunia.com/advisories/47399 http://secunia.com/advisories/47441 SuSE Security Announcement: SUSE-SU-2012:0010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html SuSE Security Announcement: SUSE-SU-2012:0018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html SuSE Security Announcement: SUSE-SU-2012:0024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html SuSE Security Announcement: SUSE-SU-2012:0042 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html SuSE Security Announcement: SUSE-SU-2012:0050 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html SuSE Security Announcement: SUSE-SU-2012:0056 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html SuSE Security Announcement: openSUSE-SU-2012:0019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html SuSE Security Announcement: openSUSE-SU-2012:0051 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html XForce ISS Database: multiple-telnetd-bo(71970) https://exchange.xforce.ibmcloud.com/vulnerabilities/71970
Copyright	Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.