VMware ESX Server Multiple Vulnerabilities

Secunia Advisory: SA22875
Release Date: 2006-11-14
Critical: Moderately critical
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: VMware ESX Server 2.x
CVE reference: CAN-2004-2069, CVE-2005-2177, CVE-2005-2491, CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, CVE-2006-2071, CVE-2006-3403, CVE-2006-3467

Description: Some vulnerabilities, security issues, and a weakness have been reported in VMware ESX Server, which can be exploited by malicious, local users to bypass certain security restrictions and disclose potentially sensitive information, or by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
For more information:
SA15930
SA16793
SA19357
SA19657
SA19724
SA19869
SA20100
SA20980
This also fixes a security issue in OpenSSH, which is caused by an error in signaling child processes to terminate after the LoginGraceTime period has expired. This may be exploited to cause a DoS by preventing the daemon from accepting new connections.
Solution: VMware ESX Server 2.0.2:
Apply Upgrade Patch 2
VMware ESX Server 2.1.3:
Apply Upgrade Patch 2
VMware ESX Server 2.5.3:
Apply Upgrade Patch 4 (do not apply this patch to SunFire X4100 or X4200 servers).
VMware ESX Server 2.5.4:
Apply Upgrade Patch 1
Provided and/or discovered by: Reported by the vendor.
Original Advisory: http://www.vmware.com/download/esx/esx-253-200610-patch.html
http://www.vmware.com/download/esx/esx-254-200610-patch.html
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.vmware.com/download/esx/esx-202-200610-patch.html
Other References: SA15930:
http://secunia.com/advisories/15930/
SA16793:
http://secunia.com/advisories/16793/
SA19357:
http://secunia.com/advisories/19357/
SA19657:
http://secunia.com/advisories/19657/
SA19724:
http://secunia.com/advisories/19724/
SA19869:
http://secunia.com/advisories/19869/
SA20100:
http://secunia.com/advisories/20100/
SA20980:
http://secunia.com/advisories/20980/
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.