English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.103627
Category:VMware Local Security Checks
Title:VMware ESXi/ESX security updates (VMSA-2012-0018)
Summary:The remote ESXi is missing one or more security related Updates from VMSA-2012-0018.
Description:Summary:
The remote ESXi is missing one or more security related Updates from VMSA-2012-0018.

Vulnerability Insight:
a. vCenter Server Appliance directory traversal

The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an
authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose
sensitive information stored on the server.

b. vCenter Server Appliance arbitrary file download

The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an
authenticated remote user to retrieve arbitrary files. Exploitation of this issue may
expose sensitive information stored on the server.

c. Update to ESX glibc package

The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues.

Affected Software/OS:
VMware ESXi 5.1 without patch ESXi510-201212101

VMware ESXi 5.0 without patch ESXi500-201212101

Solution:
Apply the missing patch(es).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-6324
Common Vulnerability Exposure (CVE) ID: CVE-2012-6325
Common Vulnerability Exposure (CVE) ID: CVE-2009-5029
20111203 VSFTPD Remote Heap Overrun (low severity)
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
[libc-alpha] 20111215 integer overflow to heap overrun exploit in glibc
http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html
http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=97ac2654b2d831acaa18a2b018b0736245903fd2
https://bugzilla.redhat.com/show_bug.cgi?id=761245
Common Vulnerability Exposure (CVE) ID: CVE-2009-5064
http://reverse.lostrealm.com/protect/ldd.html
http://www.catonmat.net/blog/ldd-arbitrary-code-execution/
https://bugzilla.redhat.com/show_bug.cgi?id=531160
https://bugzilla.redhat.com/show_bug.cgi?id=682998
http://openwall.com/lists/oss-security/2011/03/07/10
http://openwall.com/lists/oss-security/2011/03/07/7
http://openwall.com/lists/oss-security/2011/03/08/2
http://openwall.com/lists/oss-security/2011/03/07/13
http://openwall.com/lists/oss-security/2011/03/08/1
http://openwall.com/lists/oss-security/2011/03/08/10
http://openwall.com/lists/oss-security/2011/03/08/3
http://openwall.com/lists/oss-security/2011/03/08/7
http://www.redhat.com/support/errata/RHSA-2011-1526.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-0830
BugTraq ID: 40063
http://www.securityfocus.com/bid/40063
Debian Security Information: DSA-2058 (Google Search)
http://www.debian.org/security/2010/dsa-2058
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html
http://securitytracker.com/id?1024044
http://secunia.com/advisories/39900
SuSE Security Announcement: SUSE-SA:2010:052 (Google Search)
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
http://www.ubuntu.com/usn/USN-944-1
http://www.vupen.com/english/advisories/2010/1246
XForce ISS Database: glibc-elf-code-execution(58915)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58915
Common Vulnerability Exposure (CVE) ID: CVE-2011-1089
46740
http://www.securityfocus.com/bid/46740
MDVSA-2011:178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
MDVSA-2011:179
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
RHSA-2011:1526
[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/04/11
[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/04/9
[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/04/10
http://openwall.com/lists/oss-security/2011/03/04/12
[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/05/3
http://openwall.com/lists/oss-security/2011/03/05/7
[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/07/9
[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/14/16
http://openwall.com/lists/oss-security/2011/03/14/5
http://openwall.com/lists/oss-security/2011/03/14/7
[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/15/6
[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/22/4
http://openwall.com/lists/oss-security/2011/03/22/6
[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/31/3
http://openwall.com/lists/oss-security/2011/03/31/4
[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/04/01/2
http://sourceware.org/bugzilla/show_bug.cgi?id=12625
https://bugzilla.redhat.com/show_bug.cgi?id=688980
Common Vulnerability Exposure (CVE) ID: CVE-2011-4609
https://bugzilla.redhat.com/show_bug.cgi?id=767299
Common Vulnerability Exposure (CVE) ID: CVE-2012-0864
52201
http://www.securityfocus.com/bid/52201
RHSA-2012:0393
http://rhn.redhat.com/errata/RHSA-2012-0393.html
RHSA-2012:0397
http://rhn.redhat.com/errata/RHSA-2012-0397.html
RHSA-2012:0488
http://rhn.redhat.com/errata/RHSA-2012-0488.html
RHSA-2012:0531
http://rhn.redhat.com/errata/RHSA-2012-0531.html
[libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets
http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html
http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
http://www.phrack.org/issues.html?issue=67&id=9#article
https://bugzilla.redhat.com/show_bug.cgi?id=794766
Common Vulnerability Exposure (CVE) ID: CVE-2012-3404
GLSA-201503-04
https://security.gentoo.org/glsa/201503-04
RHSA-2012:1098
http://rhn.redhat.com/errata/RHSA-2012-1098.html
RHSA-2012:1200
http://rhn.redhat.com/errata/RHSA-2012-1200.html
USN-1589-1
http://www.ubuntu.com/usn/USN-1589-1
[oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities
http://www.openwall.com/lists/oss-security/2012/07/11/17
https://bugzilla.redhat.com/show_bug.cgi?id=833703
https://sourceware.org/bugzilla/show_bug.cgi?id=12445
Common Vulnerability Exposure (CVE) ID: CVE-2012-3405
https://bugzilla.redhat.com/show_bug.cgi?id=833704
https://sourceware.org/bugzilla/show_bug.cgi?id=13446
Common Vulnerability Exposure (CVE) ID: CVE-2012-3406
RHSA-2012:1097
http://rhn.redhat.com/errata/RHSA-2012-1097.html
RHSA-2012:1185
http://rhn.redhat.com/errata/RHSA-2012-1185.html
https://bugzilla.redhat.com/attachment.cgi?id=594722
https://bugzilla.redhat.com/show_bug.cgi?id=826943
Common Vulnerability Exposure (CVE) ID: CVE-2012-3480
1027374
http://www.securitytracker.com/id?1027374
50201
http://secunia.com/advisories/50201
50422
http://secunia.com/advisories/50422
54982
http://www.securityfocus.com/bid/54982
84710
http://osvdb.org/84710
FEDORA-2012-11927
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html
RHSA-2012:1207
http://rhn.redhat.com/errata/RHSA-2012-1207.html
RHSA-2012:1208
http://rhn.redhat.com/errata/RHSA-2012-1208.html
RHSA-2012:1262
http://rhn.redhat.com/errata/RHSA-2012-1262.html
RHSA-2012:1325
http://rhn.redhat.com/errata/RHSA-2012-1325.html
[libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459)
http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html
[oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
http://www.openwall.com/lists/oss-security/2012/08/13/4
[oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
http://www.openwall.com/lists/oss-security/2012/08/13/6
http://sourceware.org/bugzilla/show_bug.cgi?id=14459
CopyrightCopyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.