ID de Prueba:	1.3.6.1.4.1.25623.1.0.103453
Categoría:	VMware Local Security Checks
Título:	VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm (VMSA-2011-0004.3)
Resumen:	The remote ESXi is missing one or more security related Updates from VMSA-2011-0004.3.
Descripción:	Summary: The remote ESXi is missing one or more security related Updates from VMSA-2011-0004.3. Vulnerability Insight: Service Location Protocol daemon (SLPD) denial of service issue and ESX 4.0 Service Console OS (COS) updates for bind, pam, and rpm. a. Service Location Protocol daemon DoS This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD). b. Service Console update for bind This patch updates the bind-libs and bind-utils RPMs to version 9.3.6-4.P1.el5_5.3, which resolves multiple security issues. c. Service Console update for pam This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw, which resolves multiple security issues with PAM modules. d. Service Console update for rpm, rpm-libs, rpm-python, and popt This patch updates rpm, rpm-libs, and rpm-python RPMs to 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1, which resolves a security issue. Vulnerability Impact: a. Service Location Protocol daemon DoS Exploitation of this vulnerability could cause SLPD to consume significant CPU resources. Affected Software/OS: VMware ESXi 4.1 without patch ESXi410-201101201-SG VMware ESXi 4.0 without patch ESXi400-201103401-SG VMware ESX 4.1 without patches ESX410-201101201-SG, ESX410-201104407-SG and ESX410-201110207-SG VMware ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103404-SG, ESX400-201103406-SG and ESX400-201103407-SG Solution: Apply the missing patch(es). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3613 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 45133 http://www.securityfocus.com/bid/45133 Bugtraq: 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. (Google Search) http://www.securityfocus.com/archive/1/516909/100/0/threaded CERT/CC vulnerability note: VU#706148 http://www.kb.cert.org/vuls/id/706148 Debian Security Information: DSA-2130 (Google Search) http://www.debian.org/security/2010/dsa-2130 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html HPdes Security Advisory: HPSBUX02655 http://marc.info/?l=bugtraq&m=130270720601677&w=2 HPdes Security Advisory: SSRT100353 http://www.mandriva.com/security/advisories?name=MDVSA-2010:253 http://lists.vmware.com/pipermail/security-announce/2011/000126.html NETBSD Security Advisory: NetBSD-SA2011-001 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc http://www.osvdb.org/69558 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601 http://www.redhat.com/support/errata/RHSA-2010-0975.html http://www.redhat.com/support/errata/RHSA-2010-0976.html http://www.redhat.com/support/errata/RHSA-2010-1000.html http://securitytracker.com/id?1024817 http://secunia.com/advisories/42374 http://secunia.com/advisories/42459 http://secunia.com/advisories/42522 http://secunia.com/advisories/42671 http://secunia.com/advisories/42707 http://secunia.com/advisories/43141 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190 http://www.ubuntu.com/usn/USN-1025-1 http://www.vupen.com/english/advisories/2010/3102 http://www.vupen.com/english/advisories/2010/3103 http://www.vupen.com/english/advisories/2010/3138 http://www.vupen.com/english/advisories/2010/3139 http://www.vupen.com/english/advisories/2010/3140 http://www.vupen.com/english/advisories/2011/0267 http://www.vupen.com/english/advisories/2011/0606 Common Vulnerability Exposure (CVE) ID: CVE-2010-3614 BugTraq ID: 45137 http://www.securityfocus.com/bid/45137 CERT/CC vulnerability note: VU#837744 http://www.kb.cert.org/vuls/id/837744 http://www.osvdb.org/69559 http://secunia.com/advisories/42435 Common Vulnerability Exposure (CVE) ID: CVE-2010-3762 BugTraq ID: 45385 http://www.securityfocus.com/bid/45385 Common Vulnerability Exposure (CVE) ID: CVE-2010-3316 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. 49711 http://secunia.com/advisories/49711 ADV-2011-0606 GLSA-201206-31 http://security.gentoo.org/glsa/glsa-201206-31.xml MDVSA-2010:220 http://www.mandriva.com/security/advisories?name=MDVSA-2010:220 RHSA-2010:0819 http://www.redhat.com/support/errata/RHSA-2010-0819.html RHSA-2010:0891 http://www.redhat.com/support/errata/RHSA-2010-0891.html [oss-security] 20100816 Minor security flaw with pam_xauth http://openwall.com/lists/oss-security/2010/08/16/2 [oss-security] 20100921 Re: Minor security flaw with pam_xauth http://openwall.com/lists/oss-security/2010/09/21/3 http://openwall.com/lists/oss-security/2010/09/21/8 [oss-security] 20100924 Re: Minor security flaw with pam_xauth http://www.openwall.com/lists/oss-security/2010/09/24/2 [oss-security] 20100927 Re: Minor security flaw with pam_xauth http://openwall.com/lists/oss-security/2010/09/27/4 http://openwall.com/lists/oss-security/2010/09/27/5 [oss-security] 20100928 Re: Minor security flaw with pam_xauth http://openwall.com/lists/oss-security/2010/09/27/10 http://openwall.com/lists/oss-security/2010/09/27/7 [oss-security] 20101025 Re: Minor security flaw with pam_xauth http://openwall.com/lists/oss-security/2010/10/25/2 [security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=06f882f30092a39a1db867c9744b2ca8d60e4ad6 http://www.vmware.com/security/advisories/VMSA-2011-0004.html https://bugzilla.redhat.com/show_bug.cgi?id=637898 https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663 Common Vulnerability Exposure (CVE) ID: CVE-2010-3435 http://openwall.com/lists/oss-security/2010/09/27/8 https://bugzilla.redhat.com/show_bug.cgi?id=641335 Common Vulnerability Exposure (CVE) ID: CVE-2010-3853 http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13 https://bugzilla.redhat.com/show_bug.cgi?id=643043 Common Vulnerability Exposure (CVE) ID: CVE-2010-2059 40028 http://secunia.com/advisories/40028 65143 http://www.osvdb.org/65143 MDVSA-2010:180 http://www.mandriva.com/security/advisories?name=MDVSA-2010:180 RHSA-2010:0679 http://www.redhat.com/support/errata/RHSA-2010-0679.html SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html [oss-security] 20100602 CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) http://www.openwall.com/lists/oss-security/2010/06/02/2 [oss-security] 20100602 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) http://www.openwall.com/lists/oss-security/2010/06/02/3 [oss-security] 20100603 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) http://marc.info/?l=oss-security&m=127559059928131&w=2 http://www.openwall.com/lists/oss-security/2010/06/03/5 [oss-security] 20100604 Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) http://www.openwall.com/lists/oss-security/2010/06/04/1 http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz http://rpm.org/gitweb?p=rpm.git%3Ba=commit%3Bh=ca2d6b2b484f1501eafdde02e1688409340d2383 https://bugzilla.redhat.com/show_bug.cgi?id=125517 https://bugzilla.redhat.com/show_bug.cgi?id=598775 Common Vulnerability Exposure (CVE) ID: CVE-2010-3609 BugTraq ID: 46772 http://www.securityfocus.com/bid/46772 CERT/CC vulnerability note: VU#393783 http://www.kb.cert.org/vuls/id/393783 https://security.gentoo.org/glsa/201707-05 http://www.mandriva.com/security/advisories?name=MDVSA-2012:141 http://www.mandriva.com/security/advisories?name=MDVSA-2013:111 http://www.osvdb.org/71019 http://securitytracker.com/id?1025168 http://secunia.com/advisories/43601 http://secunia.com/advisories/43742 http://securityreason.com/securityalert/8127 http://www.vupen.com/english/advisories/2011/0729 XForce ISS Database: vmware-esxserver-slpd-dos(65931) https://exchange.xforce.ibmcloud.com/vulnerabilities/65931
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.