English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.103672
Kategorie:VMware Local Security Checks
Titel:VMware ESXi/ESX address an NFC Protocol memory corruption and third party library security issues (VMSA-2013-0003)
Zusammenfassung:The remote ESXi is missing one or more security related Updates from VMSA-2013-0003.
Beschreibung:Summary:
The remote ESXi is missing one or more security related Updates from VMSA-2013-0003.

Vulnerability Insight:
a. VMware vCenter, ESXi and ESX NFC protocol memory corruption
vulnerability

VMware vCenter Server, ESXi and ESX contain a vulnerability in the
handling of the Network File Copy (NFC) protocol. To exploit this
vulnerability, an attacker must intercept and modify the NFC
traffic between vCenter Server and the client or ESXi/ESX and the
client. Exploitation of the issue may lead to code execution.

To reduce the likelihood of exploitation, vSphere components should
be deployed on an isolated management network.

b. VirtualCenter, ESX and ESXi Oracle (Sun) JRE update 1.5.0_38

Oracle (Sun) JRE is updated to version 1.5.0_38, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.

Oracle has documented the CVE identifiers that are addressed
in JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update
Advisory of October 2012.

c. Update to ESX service console OpenSSL RPM

The service console OpenSSL RPM is updated to version
openssl-0.9.7a.33.28.i686 to resolve multiple security issues.

Affected Software/OS:
VMware ESXi 5.1 without ESXi510-201212101-SG

VMware ESXi 5.0 without ESXi500-201212102-SG

VMware ESXi 4.1 without ESXi410-201301401-SG

VMware ESXi 4.0 without ESXi400-201302401-SG

VMware ESXi 3.5 without ESXe350-201302401-I-SG and ESXe350-201302403-C-SG

VMware ESX 4.1 without ESX410-201301401-SG

VMware ESX 4.0 without ESX400-201302401-SG

VMware ESX 3.5 without ESX350-201302401-SG

Solution:
Apply the missing patch(es).

CVSS Score:
7.6

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-1659
Common Vulnerability Exposure (CVE) ID: CVE-2012-2110
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
BugTraq ID: 53158
http://www.securityfocus.com/bid/53158
Debian Security Information: DSA-2454 (Google Search)
http://www.debian.org/security/2012/dsa-2454
http://www.exploit-db.com/exploits/18756
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
HPdes Security Advisory: HPSBMU02776
http://marc.info/?l=bugtraq&m=133951357207000&w=2
HPdes Security Advisory: HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HPdes Security Advisory: HPSBOV02793
http://marc.info/?l=bugtraq&m=134039053214295&w=2
HPdes Security Advisory: HPSBUX02782
http://marc.info/?l=bugtraq&m=133728068926468&w=2
HPdes Security Advisory: SSRT100844
HPdes Security Advisory: SSRT100852
HPdes Security Advisory: SSRT100891
HPdes Security Advisory: SSRT101210
http://www.mandriva.com/security/advisories?name=MDVSA-2012:060
http://osvdb.org/81223
RedHat Security Advisories: RHSA-2012:0518
http://rhn.redhat.com/errata/RHSA-2012-0518.html
RedHat Security Advisories: RHSA-2012:0522
http://rhn.redhat.com/errata/RHSA-2012-0522.html
RedHat Security Advisories: RHSA-2012:1306
http://rhn.redhat.com/errata/RHSA-2012-1306.html
RedHat Security Advisories: RHSA-2012:1307
http://rhn.redhat.com/errata/RHSA-2012-1307.html
RedHat Security Advisories: RHSA-2012:1308
http://rhn.redhat.com/errata/RHSA-2012-1308.html
http://www.securitytracker.com/id?1026957
http://secunia.com/advisories/48847
http://secunia.com/advisories/48895
http://secunia.com/advisories/48899
http://secunia.com/advisories/48942
http://secunia.com/advisories/48999
http://secunia.com/advisories/57353
SuSE Security Announcement: SUSE-SU-2012:0623 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
SuSE Security Announcement: SUSE-SU-2012:0637 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
SuSE Security Announcement: SUSE-SU-2012:1149 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
http://www.ubuntu.com/usn/USN-1424-1
CopyrightCopyright (C) 2013 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.