VMware ESXi

VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2008-0016
Synopsis:          VMware Hosted products, VirtualCenter Update 3 and
                   patches for ESX and ESXi resolve multiple security issues
Issue date:        2008-10-03
Updated on:        2008-10-03 (initial release of advisory)
CVE numbers:       CVE-2008-4279 CVE-2008-4278 CVE-2008-3103
                   CVE-2008-3104 CVE-2008-3105 CVE-2008-3106
                   CVE-2008-3107 CVE-2008-3108 CVE-2008-3109

VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break

---------------------
The following VMware product versions are known to be affected:
  VMware Workstation 7.0.0
  VMware Workstation 7.1.5 and earlier
  VMware Player 3.1.5 and earlier
  VMware ESXi 4.1.0 Update 2 Build 502767 and earlier
  Other related versions not tested due to unavailability


UNAFFECTED ENVIRONMENTS
-----------------------

VMSA-2010-0015 VMware ESX third party updates for Service Console

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      affected, patch pending
    ESX            4.0       ESX      ESX400-201009407-SG
    ESX            3.5       ESX      not applicable
    ESX            3.0.3     ESX      not applicable

VMSA-2010-0013 VMware ESX third party updates for Service Console

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      affected, patch pending
    ESX            4.0       ESX      affected, patch pending
    ESX            3.5       ESX      ESX350-201008405-SG
    ESX            3.0.3     ESX      affected, patch pending

VMSA-2009-0014 VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues

    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      not affected
    ESX            3.5       ESX      ESX350-200910406-SG
    ESX            3.0.3     ESX      ESX303-200910402-SG
    ESX            2.5.5     ESX      not affected

VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities

   vCenter Server 4.1 GA
   vCenter Server 4.0 Update 2 and earlier
   VirtualCenter 2.5 Update 6 and earlier

   ESXi 4.1 GA
   ESXi 4.0 without patch ESXi400-201103402-SG

   ESX 4.1 GA
   ESX 4.0 without patch ESX400-201103401-SG


VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           3.5       ESXi     not affected

    ESX            3.5       ESX      affected, patch pending
    ESX            3.0.3     ESX      ESX303-200903406-SG
    ESX            3.0.2     ESX      ESX-1008409
    ESX            2.5.5     ESX      affected, patch pending

VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not applicable

    ESX            4.1       ESX      affected, patch pending
    ESX            4.0       ESX      ESX400-201101405-SG
    ESX            3.5       ESX      not applicable
    ESX            3.0.3     ESX      not applicable

VMSA-2010-0019 VMware ESX third party updates for Service Console

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      not applicable
    ESX            4.0       ESX      not applicable
    ESX            3.5       ESX      ESX350-201012408-SG
    ESX            3.0.3     ESX      affected, patch pending

VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

    Server         1.x       any      patch pending

    Fusion         2.x       Mac OS/X not affected
    Fusion         1.x       Mac OS/X not affected

    ESXi           4.0       ESXi     not affected
    ESXi           3.5       ESXi     not affected

    ESX            4.0       ESX      not affected
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected

VMSA-2010-0005 VMware products address vulnerabilities in WebAccess

    VirtualCenter  2.5       Windows  Virtual Center 2.5 Update 6
    VirtualCenter  2.0.2     Windows  not being fixed at this time *
 
    hosted **      any       any      not affected    

    ESXi           any       ESXi     not affected
 
    ESX            4.0       ESX      not affected
    ESX            3.5       ESX      ESX350-201003403-SG
    ESX            3.0.3     ESX      not being fixed at this time *
    ESX            2.5.5     ESX      not affected

VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      ESX400-200906411-SG
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            3.0.2     ESX      not affected

VMSA-2012-0008 VMware ESX updates to ESX Service Console

    =============  ========  =======  =================
    vCenter        any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201204401-SG
    ESX            4.0       ESX      patch pending **
    ESX            3.5       ESX      not applicable


VMSA-2008-0013 Updated ESX packages for OpenSSL, net-snmp, perl

   =============  ========  =======  =================
   VirtualCenter  any       Windows  affected, patch pending

   hosted *       any       any      for patch info see VMSA-2008-0005
 
   ESXi           3.5       ESXi     affected, patch pending

   ESX            3.5       ESX      for patch info see VMSA-2008-0001
   ESX            3.0.3     ESX      not affected
   ESX            3.0.2     ESX      affected, patch pending
   ESX            3.0.1     ESX      affected, patch pending

VMware Tools Multiple Vulnerabilities

       AMS         any         any         not affected

       Fusion      3.1.x       OSX         Fusion 3.1.3 or later*

       ESXi        4.1         ESXi        ESXi410-201104402-BG*
       ESXi        4.0         ESXi        ESXi400-201104402-BG*
       ESXi        3.5         ESXi        ESXe350-201105402-T-SG*

       ESX         4.1         ESX         ESX410-201104401-SG*
       ESX         4.0         ESX         ESX400-201104401-SG*

VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues

    Server         any       any      not affected

    Fusion         any       Mac OS/X not affected

    ESXi           any       ESXi     not affected

    ESX            any       ESX      not affected

 * Note: This only affects the installer, if you have a version of
         Workstation or Player installed you are not vulnerable.

VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi

------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2011-0002
Synopsis:          Cisco Nexus 1000V VEM updates address denial of
                   service in VMware ESX/ESXi
Issue date:        2011-02-07
Updated on:        2011-02-07 (initial release of advisory)
CVE numbers:       CVE-2011-0355
------------------------------------------------------------------------


VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix

   =============  ========  =======  =================
   VirtualCenter  any       Windows  not applicable

   hosted         any       any      not applicable

   ESXi           3.5       ESXi     not applicable

   ESX            3.5       ESX      patch ESX350-200806201-UG
   ESX            3.0.2     ESX      affected, no update planned
   ESX            3.0.1     ESX      affected, no update planned
   ESX            2.5.5     ESX      not applicable

VMSA-2010-0006 ESX Service Console updates for samba and acpid

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      ESX400-201003405-SG
    ESX            3.5       ESX      patch pending
    ESX            3.0.3     ESX      patch pending
    ESX            2.5.5     ESX      patch pending

VMSA-2010-0017 VMware ESX third party update for Service Console kernel

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.1       ESX      ESX410-201011402-SG
    ESX            4.0       ESX      patch pending
    ESX            3.x       ESX      not applicable


SFCB vulnerabilities

Vulnerable versions : from 1.3.4 to 1.3.7

[=] Note about VMware products

VMware ESXi 3.5, ESXi 4 and ESX 4 are running by default a modified
version of SFCB (v1.3.3 in ESX 4). However they were tested as non
vulnerable:
- CVE-2010-1937 has been silently patched in VMware products
- CVE-2010-2054 doesn't affect versions lower than 1.3.4
 

VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability

    Update Manager 4.1       Windows  Update 2
    Update Manager 4.0       Windows  Update 4
      
    hosted *       any       any      not affected
      
    ESXi           any       ESXi     not affected
      
    ESX            any       ESX      not affected
      
  * hosted products are VMware Workstation, Player, ACE, Fusion.


VMSA-2010-0001 ESX Service Console updates for nss and nspr

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      ESX400-200912403-SG
    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            3.0.2     ESX      not affected

VMSA-2009-0003 ESX 2.5.5 patch 12 updates service console package ed

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           3.5       ESXi     not affected

    ESX            3.5       ESX      not affected
    ESX            3.0.3     ESX      not affected
    ESX            3.0.2     ESX      not affected
    ESX            2.5.5     ESX      Upgrade Patch 12

Trustwave's SpiderLabs Security Advisory TWSL2010-002

    VirtualCenter  2.5       Windows  Virtual Center 2.5 Update 6
    VirtualCenter  2.0.2     Windows  not being fixed at this time *

    hosted **      any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      not affected
    ESX            3.5       ESX      ESX350-201003403-SG
    ESX            3.0.3     ESX      not being fixed at this time *
    ESX            2.5.5     ESX      not affected

VMSA-2010-0003 ESX Service Console update for net-snmp

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      not affected
    ESX            3.5       ESX      ESX350-201002401-SG
    ESX            3.0.3     ESX      affected, patch pending
    ESX            2.5.5     ESX      not affected

VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      not applicable
    ESX            3.5       ESX      ESX350-201006401-SG
    ESX            3.0.3     ESX      affected, no update planned


VMSA-2012-0003 VMware VirtualCenter Update and ESX 3.5 patch update JRE

    vCenter        4.0       Windows  patch pending
    VirtualCenter  2.5       Windows  VirtualCenter 2.5 Update 6b
            
    hosted *       any       any      not affected
      
    ESXi           any       ESXi     not affected
      
    ESX            4.1       ESX      not applicable **
    ESX            4.0       ESX      patch pending
    ESX            3.5       ESX      ESX350-201203401-SG


VMSA-2009-0008 ESX Service Console update for krb5

    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           3.5       ESXi     not affected

    ESX            4.0       ESX      affected, patch pending
    ESX            3.5       ESX      ESX350-200906407-SG
    ESX            3.0.3     ESX      affected, patch pending
    ESX            3.0.2     ESX      affected, patch pending

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.