| New User, Welcome! Login |
Next Page >>
The Common Vulnerabilities
a. JRE Security Update
JRE update to version 1.5.0_20, which addresses multiple security
issues that existed in earlier releases of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,
CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.
a. Service Console update for COS kernel
Updated COS package "kernel" addresses the security issues that are
fixed through versions 2.6.18-164.11.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228,
CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues
fixed in kernel 2.6.18-164.6.1
The Common Vulnerabilities and Exposures project (cve.mitre.org)
display request (direct or via a custom application), leading to a
denial of service (application crash) or, potentially, arbitrary
code execution with the privileges of the user running the
application using the newt library.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-2905 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
reboot of the guest system.
VMware would like to thank iDefense and Stephen Fewer of Harmony
Security for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5671 to this issue.
VMware Product Running Replace with/
Product Version on Apply Patch
============ ======== ======= =================
issues that exist in the earlier releases of Microsoft SQL Express.
Customers using other database solutions need not update for
these issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,
CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL
Express Service Pack 3.
Column 4 of the following table lists the action required to
VMware would like to thank Jure Skofic and Mitja Kolsek of ACROS
Security (http://www.acrossecurity.com) for reporting this issue
to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-1141 to this issue.
Steps needed to remediate this vulnerability:
Guest systems on VMware Workstation, Player, ACE, Server, Fusion
VMware would like to thank Jure Skofic and Mitja Kolsek of ACROS
Security (http://www.acrossecurity.com) for reporting this issue
to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-1141 to this issue.
Steps needed to remediate this vulnerability:
Guest systems on VMware Workstation, Player, ACE, Server, Fusion
a. ESX third party update for Service Console openssl RPM
The Service Console openssl RPM is updated to
openssl-0.9.8e.12.el5_5.7 resolving two security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-7270 and CVE-2010-4180 to these
issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
virtual machines on that host.
VMware would like to thank Andrew Honig of the Department of
Defense for reporting this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4916 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
actions.
VMware would like to thank Julien Bachmann, Shennan Wang, Shinnai,
and Michal Bucko for reporting these issues to us.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the names CVE-2008-3691, CVE-2008-3692,
CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and
CVE-2008-3696 to the security issues with VMware ActiveX controls.
VMware Product Running Replace with/
~ VMware would like to thank CORE Security Technologies for
~ working with us on this issue. This addresses advisory
~ CORE-2007-0930.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2008-0923 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
The ESX Service Console Operating System (COS) kernel is updated to
kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the
COS kernel.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,
CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166,
CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494,
CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,
CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182,
Systems.
VMware would like to thank Tarjei Mandt for reporting theses
issues to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2012-1509 (XPDM buffer overrun),
CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null
pointer dereference) to these issues.
Note: CVE-2012-1509 doesn't affect ESXi and ESX.
OpenSSL 0.9.7a-33.24 and earlier does not properly check the return
value from the EVP_VerifyFinal function, which could allow a remote
attacker to bypass validation of the certificate chain via a
malformed SSL/TLS signature for DSA and ECDSA keys.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-5077 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
A stack-based buffer overflow in the script_write_params method in
ISC DHCP dhclient allows remote DHCP servers to execute arbitrary
code via a crafted subnet-mask option.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-0692 to this issue.
An insecure temporary file use flaw was discovered in the DHCP
daemon's init script ("/etc/init.d/dhcpd"). A local attacker could
use this flaw to overwrite an arbitrary file with the output of the
Mitigation
- Do not allow untrusted users access to your virtual machines.
Root or Administrator level permissions are not required to
exploit this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2012-1516 to this issue.
VMware would like to thank Derek Soeder of Ridgeway Internet
Security, L.L.C. for reporting this issue to us.
~ This patch fixes a flaw in how the aacraid SCSI driver checked
~ IOCTL command permissions. This flaw might allow a local user
~ on the service console to cause a denial of service or gain
~ privileges. Thanks to Adaptec for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2007-4308 to this issue.
~ ESX Server 3.0.2 ESX-1003362
~ http://download3.vmware.com/software/vi/ESX-1003362.tgz
~ md5sum: f828e7c1c00c2b32ebd4f14f92febe16
Alexander Sotirov from VMware Security Research discovered a
buffer overflow vulnerability in the OpenPegasus Management server.
This flaw could be exploited by a malicious remote user on the
service console network to gain root access to the service console.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5360 to this issue.
RPM Updated: pegasus-2.5-552927
VM Shutdown: No
Host Reboot: No
Alexander Sotirov from VMware Security Research discovered a
buffer overflow vulnerability in the OpenPegasus Management server.
This flaw could be exploited by a malicious remote user on the
service console network to gain root access to the service console.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5360 to this issue.
RPM Updated: pegasus-2.5-552927
VM Shutdown: No
Host Reboot: No
enabled, a remote attacker could send a carefully crafted request
that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module.
The Common Vulnerabilities and Exposures project has assigned the
names CVE-2006-5752, CVE-2007-3304 and CVE-2007-1863 to these issues.
clamav < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 >
- SECURITY Fix: Some vulnerabilities have been reported in ClamAV,
which can potentially be exploited by malicious people to cause a
a. Service Console update for cpio
The service console package cpio is updated to version 2.5-6.RHEL3.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2005-4268 and CVE-2010-0624 to the issues
addressed in this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
a. Service Console update for cpio
The service console package cpio is updated to version 2.5-6.RHEL3.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2005-4268 and CVE-2010-0624 to the issues
addressed in this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
a. Service Console update for NSS_db
The service console package NSS_db is updated to version
nss_db-2.2-35.4.el5_5.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0826 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
chkconfig vmware-webAccess off
VMware would like to thank David Byrne and Tom Leavey of Trustwave's
SpiderLabs for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2277 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
a. ESX third party update for Service Console kernel
This update takes the console OS kernel package to
kernel-2.6.18-238.9.1 which resolves multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2010-1083, CVE-2010-2492, CVE-2010-2798,
CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015,
CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086,
CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477,
CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865,
A corrupt VMDK delta disk, or virtual machine would have to be loaded
by an administrator.
VMware would like to thank Craig Marshall for reporting this issue.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-4914 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration
Server login.php Command Injection Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2009-01/0111.html
The vulnerability is in a function of common.php which is called from the
login.php page.
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-5449 to this issue.
Oracle Secure Backup Administration Server login.php Command Injection
Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=769
the host to elevate their privileges.
VMware Workstation and Player running on Microsoft Windows are not
affected.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-4295 to this issue.
VMware would like to thank Dan Rosenberg for reporting this issue.
The following table lists what action remediates the vulnerability
resources.
VMware would like to thank Nicolas Gregoire and US CERT for
reporting this issue to us.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-3609 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
A vulnerability in the udev program did not verify whether a NETLINK
message originates from kernel space, which allows local users to
gain privileges by sending a NETLINK message from user space.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-1185 to this issue.
Please see http://kb.vmware.com/kb/1011786 for details.
The following table lists what action remediates the vulnerability
Next Page>>
|
|
|
