<< Previous Next >>
VMware ESX
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX affected, patch pending
ESX 4.0 ESX ESX400-201009407-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX ESX350-200910406-SG
ESX 3.0.3 ESX ESX303-200910402-SG
ESX 2.5.5 ESX not affected
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0016
Synopsis: VMware ESXi and ESX third party updates for Service
Console and Likewise components
Issue date: 2010-11-15
Updated on: 2010-11-15 (initial release of advisory)
CVE numbers: CVE-2010-0415 CVE-2010-0307 CVE-2010-0291
CVE-2010-0622 CVE-2010-1087 CVE-2010-1437
vCenter Server 4.1 GA
vCenter Server 4.0 Update 2 and earlier
VirtualCenter 2.5 Update 6 and earlier
ESXi 4.1 GA
ESXi 4.0 without patch ESXi400-201103402-SG
ESX 4.1 GA
ESX 4.0 without patch ESX400-201103401-SG
VirtualCenter 2.5 Windows Virtual Center 2.5 Update 6
VirtualCenter 2.0.2 Windows not being fixed at this time *
hosted ** any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX ESX350-201003403-SG
ESX 3.0.3 ESX not being fixed at this time *
ESX 2.5.5 ESX not affected
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX not applicable
ESX 4.0 ESX not applicable
ESX 3.5 ESX ESX350-201012408-SG
ESX 3.0.3 ESX affected, patch pending
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not applicable
ESX 4.1 ESX affected, patch pending
ESX 4.0 ESX ESX400-201101405-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX ESX303-200903406-SG
ESX 3.0.2 ESX ESX-1008409
ESX 2.5.5 ESX affected, patch pending
Server 1.x any patch pending
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200906411-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
Server any any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
* Note: This only affects the installer, if you have a version of
Workstation or Player installed you are not vulnerable.
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2011-0002
Synopsis: Cisco Nexus 1000V VEM updates address denial of
service in VMware ESX/ESXi
Issue date: 2011-02-07
Updated on: 2011-02-07 (initial release of advisory)
CVE numbers: CVE-2011-0355
- ------------------------------------------------------------------------
============= ======== ======= =================
VirtualCenter any Windows affected, patch pending
hosted * any any for patch info see VMSA-2008-0005
ESXi 3.5 ESXi affected, patch pending
ESX 3.5 ESX for patch info see VMSA-2008-0001
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX affected, patch pending
ESX 3.0.1 ESX affected, patch pending
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201204401-SG
ESX 4.0 ESX patch pending **
ESX 3.5 ESX not applicable
AMS any any not affected
Fusion 3.1.x OSX Fusion 3.1.3 or later*
ESXi 4.1 ESXi ESXi410-201104402-BG*
ESXi 4.0 ESXi ESXi400-201104402-BG*
ESXi 3.5 ESXi ESXe350-201105402-T-SG*
ESX 4.1 ESX ESX410-201104401-SG*
ESX 4.0 ESX ESX400-201104401-SG*
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-201003405-SG
ESX 3.5 ESX patch pending
ESX 3.0.3 ESX patch pending
ESX 2.5.5 ESX patch pending
============= ======== ======= =================
VirtualCenter any Windows not applicable
hosted any any not applicable
ESXi 3.5 ESXi not applicable
ESX 3.5 ESX patch ESX350-200806201-UG
ESX 3.0.2 ESX affected, no update planned
ESX 3.0.1 ESX affected, no update planned
ESX 2.5.5 ESX not applicable
Update Manager 4.1 Windows Update 2
Update Manager 4.0 Windows Update 4
hosted * any any not affected
ESXi any ESXi not affected
ESX any ESX not affected
* hosted products are VMware Workstation, Player, ACE, Fusion.
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201011402-SG
ESX 4.0 ESX patch pending
ESX 3.x ESX not applicable
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX not applicable
ESX 3.5 ESX ESX350-201006401-SG
ESX 3.0.3 ESX affected, no update planned
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX ESX350-200906407-SG
ESX 3.0.3 ESX affected, patch pending
ESX 3.0.2 ESX affected, patch pending
VirtualCenter 2.5 Windows Virtual Center 2.5 Update 6
VirtualCenter 2.0.2 Windows not being fixed at this time *
hosted ** any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX ESX350-201003403-SG
ESX 3.0.3 ESX not being fixed at this time *
ESX 2.5.5 ESX not affected
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200912403-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX ESX350-201002401-SG
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX not affected
vCenter 4.0 Windows patch pending
VirtualCenter 2.5 Windows VirtualCenter 2.5 Update 6b
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX not applicable **
ESX 4.0 ESX patch pending
ESX 3.5 ESX ESX350-201203401-SG
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX Upgrade Patch 12
Hello !
SLP (Service Location Protocol) is defined by RFC 2165 and RFC 2608.
OpenSLP (the reference implementation) and others SLP softwares (like
mSLP) are vulnerable to a denial of service vulnerability (CVE-2010-3609
aka CERT VU#393783). The affected softwares include VMware ESX and ESXi,
Novell eDirectory, several SAN manufacturers, some Linux
distributions, ...
Here's a PoC triggering this vulnerability via either unicast (TCP or
UDP), broadcast and multicast : http://www.agarri.fr/docs/SLPick.py
ACE any any not affected
Fusion any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911223-UG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
Vulnerable versions : from 1.3.4 to 1.3.7
[=] Note about VMware products
VMware ESXi 3.5, ESXi 4 and ESX 4 are running by default a modified
version of SFCB (v1.3.3 in ESX 4). However they were tested as non
vulnerable :
- CVE-2010-1937 has been silently patched in WMware products
- CVE-2010-2054 doesn't affect versions lower than 1.3.4
AMS any any not affected
Fusion any any not affected
ESXi any ESXi not affected
ESX any ESX not affected
* Refer to VMware Knowledge Base article 1035509 for the updated
version of vmrun for Workstation 6.5.x.
<<Previous Next>>
|
