Test ID:	1.3.6.1.4.1.25623.1.0.103915
Category:	VMware Local Security Checks
Title:	VMware ESXi/ESX updates to third party libraries (VMSA-2014-0002)
Summary:	VMware has updated vSphere third party libraries.
Description:	Summary: VMware has updated vSphere third party libraries. Vulnerability Insight: a. DDoS vulnerability in NTP third party libraries The NTP daemon has a DDoS vulnerability in the handling of the 'monlist' command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack. b. Update to ESXi glibc package The ESXi glibc package is updated to version glibc-2.5-118.el5_10.2 to resolve a security issue. c. vCenter and Update Manager, Oracle JRE 1.7 Update 45 Oracle JRE is updated to version JRE 1.7 Update 45, which addresses multiple security issues that existed in earlier releases of Oracle JRE. Affected Software/OS: VMware ESXi 5.5 without patch ESXi550-201403101-SG VMware ESXi 5.1 without patch ESXi510-201404101-SG VMware ESXi 5.0 without patch ESXi500-201405101-SG VMware ESXi 4.1 without patch ESXi410-201404401-SG VMware ESXi 4.0 without patch ESXi400-201404401-SG Solution: Apply the missing patch(es). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-5211 BugTraq ID: 64692 http://www.securityfocus.com/bid/64692 Cert/CC Advisory: TA14-013A http://www.us-cert.gov/ncas/alerts/TA14-013A CERT/CC vulnerability note: VU#348126 http://www.kb.cert.org/vuls/id/348126 HPdes Security Advisory: HPSBOV03505 http://marc.info/?l=bugtraq&m=144182594518755&w=2 HPdes Security Advisory: HPSBUX02960 http://marc.info/?l=bugtraq&m=138971294629419&w=2 HPdes Security Advisory: SSRT101419 http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04 http://openwall.com/lists/oss-security/2013/12/30/6 http://openwall.com/lists/oss-security/2013/12/30/7 http://lists.ntp.org/pipermail/pool/2011-December/005616.html http://www.securitytracker.com/id/1030433 http://secunia.com/advisories/59288 http://secunia.com/advisories/59726 SuSE Security Announcement: openSUSE-SU-2014:1149 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html Common Vulnerability Exposure (CVE) ID: CVE-2013-4332 55113 http://secunia.com/advisories/55113 62324 http://www.securityfocus.com/bid/62324 GLSA-201503-04 https://security.gentoo.org/glsa/201503-04 MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 MDVSA-2013:284 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 RHSA-2013:1411 http://rhn.redhat.com/errata/RHSA-2013-1411.html RHSA-2013:1605 http://rhn.redhat.com/errata/RHSA-2013-1605.html USN-1991-1 http://www.ubuntu.com/usn/USN-1991-1 [oss-security] 20130912 Re: CVE Request: Three integer overflows in glibc memory allocator http://www.openwall.com/lists/oss-security/2013/09/12/6 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332 https://sourceware.org/bugzilla/show_bug.cgi?id=15855 https://sourceware.org/bugzilla/show_bug.cgi?id=15856 https://sourceware.org/bugzilla/show_bug.cgi?id=15857
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.