|
 |
|
VMware ESX Server Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA24788
|
|
|
Release Date:
|
2007-04-05
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of sensitive information
Privilege escalation
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | VMware ESX Server 3.x
|
|
| | CVE reference: | CVE-2003-0107 (Secunia mirror)
CVE-2005-1704 (Secunia mirror)
CVE-2005-1849 (Secunia mirror)
CVE-2005-2096 (Secunia mirror)
CVE-2005-3011 (Secunia mirror)
CVE-2006-4810 (Secunia mirror)
CVE-2007-1270 (Secunia mirror)
CVE-2007-1271 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
VMware has acknowledged some vulnerabilities in VMware ESX Server, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges, and malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
For more information:
SA15449
SA15949
SA16137
SA16816
Additionally, a VMware internal security audit revealed the following two vulnerabilities:
1) An unspecified double free error can be exploited to cause a DoS, disclose sensitive information and may allow the execution of arbitrary code via unknown vectors.
2) An unspecified buffer overflow can be exploited to cause a DoS or gain escalated privileges via unknown vectors.
Solution:
Apply patches.
-- VMware ESX 3.0.1 --
http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html
http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html
http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
-- VMware ESX 3.0.0 --
http://www.vmware.com/support/vi3/doc/esx-55052-patch.html
http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html
http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html
Original Advisory:
http://kb.vmware.com/kb/2559638
http://kb.vmware.com/kb/6431040
http://kb.vmware.com/kb/9916286
http://kb.vmware.com/kb/55052
http://kb.vmware.com/kb/1121906
http://kb.vmware.com/kb/3616065
http://kb.vmware.com/kb/55052
Other References:
SA15449:
http://secunia.com/advisories/15949/
SA15949:
http://secunia.com/advisories/15449/
SA16137:
http://secunia.com/advisories/16137/
SA16816:
http://secunia.com/advisories/16816/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
14 Related Secunia Security Advisories, displaying 10
|
|
|
1. VMware ESX Server update for Tomcat and Java JRE
|
|
2. VMware Products Multiple Vulnerabilities
|
|
3. VMware ESX Server Multiple Security Updates
|
|
4. VMware ESX Server Multiple Security Updates
|
|
5. VMware ESX Server Multiple Updates
|
|
6. VMware ESX Server Multiple Security Updates
|
|
7. VMware ESX Server and VirtualCenter Multiple Security Updates
|
|
8. VMware ESX Server Multiple Security Updates
|
|
9. VMWare Products Multiple Vulnerabilities
|
|
10. VMware Products Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
