
Secunia Advisory SA46529

VMware ESX Server Multiple Vulnerabilities
Release Date 2011-10-28
Last Update 2012-03-30
   

Criticality level Highly critical
Impact Hijacking
Security Bypass
Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access
Where From remote
Solution Status Vendor Patch
   
   
Operating System
VMware ESX Server 3.x
VMware ESX Server 4.x

CVE Reference(s) CVE-2008-7270
CVE-2010-1321
CVE-2010-2054
CVE-2010-3170
CVE-2010-3173
CVE-2010-3541
CVE-2010-3548
CVE-2010-3549
CVE-2010-3550
CVE-2010-3551
CVE-2010-3552
CVE-2010-3553
CVE-2010-3554
CVE-2010-3555
CVE-2010-3556
CVE-2010-3557
CVE-2010-3558
CVE-2010-3559
CVE-2010-3560
CVE-2010-3561
CVE-2010-3562
CVE-2010-3563
CVE-2010-3565
CVE-2010-3566
CVE-2010-3567
CVE-2010-3568
CVE-2010-3569
CVE-2010-3570
CVE-2010-3571
CVE-2010-3572
CVE-2010-3573
CVE-2010-3574
CVE-2010-4180
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4474
CVE-2010-4475
CVE-2010-4476
CVE-2011-0002
CVE-2011-0802
CVE-2011-0814
CVE-2011-0815
CVE-2011-0862
CVE-2011-0864
CVE-2011-0865
CVE-2011-0867
CVE-2011-0871
CVE-2011-0873
  

Description

VMware has acknowledged multiple vulnerabilities in VMware ESX Server, which can be exploited by malicious, local users to disclose potentially sensitive information, by malicious users to cause a DoS (Denial of Service), and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, conduct spoofing attacks, conduct DNS cache poisoning attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) An error exists in the bundled version of the OpenSSL library.

For more information:
SA42473

2) An error exists in the bundled version of the libuser library.

For more information:
SA42891

3) Two errors exist in the bundled version of the NSS library.

For more information see vulnerabilities #7 and #10:
SA41244

4) Multiple vulnerabilities exist in the bundled version of Sun Java JRE.

For more information:
SA39762
SA41791
SA43262
SA44784

5) An integer overflow error exists in the bundled version of sblim-sfcb.

For more information:
SA40018

The vulnerabilities are reported in versions 3.5, 4.0, and 4.1.


Solution
Apply patches (please see the vendor's advisory for details).

Original Advisory
VMware (VMSA-2011-0013, VMSA-2012-0003, VMSA-2012-0006):
http://www.vmware.com/security/advisories/VMSA-2011-0013.html
http://www.vmware.com/security/advisories/VMSA-2012-0003.html
http://www.vmware.com/security/advisories/VMSA-2012-0006.html


