English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.103627
Categoría:VMware Local Security Checks
Título:VMware ESXi/ESX security updates (VMSA-2012-0018)
Resumen:The remote ESXi is missing one or more security related Updates from VMSA-2012-0018.
Descripción:Summary:
The remote ESXi is missing one or more security related Updates from VMSA-2012-0018.

Vulnerability Insight:
a. vCenter Server Appliance directory traversal

The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an
authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose
sensitive information stored on the server.

b. vCenter Server Appliance arbitrary file download

The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an
authenticated remote user to retrieve arbitrary files. Exploitation of this issue may
expose sensitive information stored on the server.

c. Update to ESX glibc package

The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues.

Affected Software/OS:
VMware ESXi 5.1 without patch ESXi510-201212101

VMware ESXi 5.0 without patch ESXi500-201212101

Solution:
Apply the missing patch(es).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-6324
Common Vulnerability Exposure (CVE) ID: CVE-2012-6325
Common Vulnerability Exposure (CVE) ID: CVE-2009-5029
20111203 VSFTPD Remote Heap Overrun (low severity)
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
[libc-alpha] 20111215 integer overflow to heap overrun exploit in glibc
http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html
http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2
https://bugzilla.redhat.com/show_bug.cgi?id=761245
Common Vulnerability Exposure (CVE) ID: CVE-2009-5064
http://reverse.lostrealm.com/protect/ldd.html
http://www.catonmat.net/blog/ldd-arbitrary-code-execution/
https://bugzilla.redhat.com/show_bug.cgi?id=531160
https://bugzilla.redhat.com/show_bug.cgi?id=682998
http://openwall.com/lists/oss-security/2011/03/07/10
http://openwall.com/lists/oss-security/2011/03/07/7
http://openwall.com/lists/oss-security/2011/03/08/2
http://openwall.com/lists/oss-security/2011/03/07/13
http://openwall.com/lists/oss-security/2011/03/08/1
http://openwall.com/lists/oss-security/2011/03/08/10
http://openwall.com/lists/oss-security/2011/03/08/3
http://openwall.com/lists/oss-security/2011/03/08/7
http://www.redhat.com/support/errata/RHSA-2011-1526.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-0830
BugTraq ID: 40063
http://www.securityfocus.com/bid/40063
Debian Security Information: DSA-2058 (Google Search)
http://www.debian.org/security/2010/dsa-2058
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html
http://securitytracker.com/id?1024044
http://secunia.com/advisories/39900
SuSE Security Announcement: SUSE-SA:2010:052 (Google Search)
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
http://www.ubuntu.com/usn/USN-944-1
http://www.vupen.com/english/advisories/2010/1246
XForce ISS Database: glibc-elf-code-execution(58915)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58915
Common Vulnerability Exposure (CVE) ID: CVE-2011-1089
46740
http://www.securityfocus.com/bid/46740
MDVSA-2011:178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
MDVSA-2011:179
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
RHSA-2011:1526
[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/04/11
[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/04/9
[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/04/10
http://openwall.com/lists/oss-security/2011/03/04/12
[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/05/3
http://openwall.com/lists/oss-security/2011/03/05/7
[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/07/9
[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/14/16
http://openwall.com/lists/oss-security/2011/03/14/5
http://openwall.com/lists/oss-security/2011/03/14/7
[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/15/6
[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/22/4
http://openwall.com/lists/oss-security/2011/03/22/6
[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/31/3
http://openwall.com/lists/oss-security/2011/03/31/4
[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/04/01/2
http://sourceware.org/bugzilla/show_bug.cgi?id=12625
https://bugzilla.redhat.com/show_bug.cgi?id=688980
Common Vulnerability Exposure (CVE) ID: CVE-2011-4609
https://bugzilla.redhat.com/show_bug.cgi?id=767299
Common Vulnerability Exposure (CVE) ID: CVE-2012-0864
52201
http://www.securityfocus.com/bid/52201
RHSA-2012:0393
http://rhn.redhat.com/errata/RHSA-2012-0393.html
RHSA-2012:0397
http://rhn.redhat.com/errata/RHSA-2012-0397.html
RHSA-2012:0488
http://rhn.redhat.com/errata/RHSA-2012-0488.html
RHSA-2012:0531
http://rhn.redhat.com/errata/RHSA-2012-0531.html
[libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets
http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html
http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
http://www.phrack.org/issues.html?issue=67&id=9#article
https://bugzilla.redhat.com/show_bug.cgi?id=794766
Common Vulnerability Exposure (CVE) ID: CVE-2012-3404
GLSA-201503-04
https://security.gentoo.org/glsa/201503-04
RHSA-2012:1098
http://rhn.redhat.com/errata/RHSA-2012-1098.html
RHSA-2012:1200
http://rhn.redhat.com/errata/RHSA-2012-1200.html
USN-1589-1
http://www.ubuntu.com/usn/USN-1589-1
[oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities
http://www.openwall.com/lists/oss-security/2012/07/11/17
https://bugzilla.redhat.com/show_bug.cgi?id=833703
https://sourceware.org/bugzilla/show_bug.cgi?id=12445
Common Vulnerability Exposure (CVE) ID: CVE-2012-3405
https://bugzilla.redhat.com/show_bug.cgi?id=833704
https://sourceware.org/bugzilla/show_bug.cgi?id=13446
Common Vulnerability Exposure (CVE) ID: CVE-2012-3406
RHSA-2012:1097
http://rhn.redhat.com/errata/RHSA-2012-1097.html
RHSA-2012:1185
http://rhn.redhat.com/errata/RHSA-2012-1185.html
https://bugzilla.redhat.com/attachment.cgi?id=594722
https://bugzilla.redhat.com/show_bug.cgi?id=826943
Common Vulnerability Exposure (CVE) ID: CVE-2012-3480
1027374
http://www.securitytracker.com/id?1027374
50201
http://secunia.com/advisories/50201
50422
http://secunia.com/advisories/50422
54982
http://www.securityfocus.com/bid/54982
84710
http://osvdb.org/84710
FEDORA-2012-11927
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html
RHSA-2012:1207
http://rhn.redhat.com/errata/RHSA-2012-1207.html
RHSA-2012:1208
http://rhn.redhat.com/errata/RHSA-2012-1208.html
RHSA-2012:1262
http://rhn.redhat.com/errata/RHSA-2012-1262.html
RHSA-2012:1325
http://rhn.redhat.com/errata/RHSA-2012-1325.html
[libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459)
http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html
[oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
http://www.openwall.com/lists/oss-security/2012/08/13/4
[oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
http://www.openwall.com/lists/oss-security/2012/08/13/6
http://sourceware.org/bugzilla/show_bug.cgi?id=14459
CopyrightCopyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.