 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.103884 |
| Category: | VMware Local Security Checks |
| Title: | VMware ESXi/ESX address several security issues (VMSA-2014-0001) |
| Summary: | VMware ESXi and ESX address several security issues. |
| Description: | Summary: VMware ESXi and ESX address several security issues. Vulnerability Insight: a. VMware ESXi and ESX NFC NULL pointer dereference VMware ESXi and ESX contain a NULL pointer dereference in the handling of the Network File Copy (NFC) traffic. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between ESXi/ESX and the client. Exploitation of the issue may lead to a Denial of Service. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. b. VMware VMX process denial of service vulnerability Due to a flaw in the handling of invalid ports, it is possible to cause the VMX process to fail. This vulnerability may allow a guest user to affect the VMX process resulting in a partial denial of service on the host. c. VMware vCloud Director Cross Site Request Forgery (CSRF) VMware vCloud Director contains a vulnerability in the Hyper Text Transfer Protocol (http) session management. An attacker may trick an authenticated user to click a malicious link, which would result in the user being logged out. The user is able to immediately log back into the system. Affected Software/OS: VMware ESXi 5.1 without patch ESXi510-201401101 VMware ESXi 5.0 without patch ESXi500-201310101 VMware ESXi 4.1 without patch ESXi410-201312401 VMware ESXi 4.0 without patch ESXi400-201310401 VMware ESX 4.1 without patch ESX410-201312401 VMware ESX 4.0 without patch ESX400-201310401 Solution: Apply the missing patch(es). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-1207 BugTraq ID: 64995 http://www.securityfocus.com/bid/64995 http://osvdb.org/102196 http://www.securitytracker.com/id/1029643 http://secunia.com/advisories/56499 XForce ISS Database: vmware-esx-cve20141207-dos(90559) https://exchange.xforce.ibmcloud.com/vulnerabilities/90559 Common Vulnerability Exposure (CVE) ID: CVE-2014-1208 BugTraq ID: 64994 http://www.securityfocus.com/bid/64994 http://osvdb.org/102197 http://www.securitytracker.com/id/1029644 XForce ISS Database: vmware-esx-cve20141208-dos(90558) https://exchange.xforce.ibmcloud.com/vulnerabilities/90558 Common Vulnerability Exposure (CVE) ID: CVE-2014-1211 BugTraq ID: 64993 http://www.securityfocus.com/bid/64993 http://osvdb.org/102198 http://www.securitytracker.com/id/1029645 XForce ISS Database: vmware-vcloud-cve20141211-csrf(90560) https://exchange.xforce.ibmcloud.com/vulnerabilities/90560 |
| Copyright | Copyright (C) 2014 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |