version
shared folder (HGFS), it is possible for a program running in the
guest to gain access to the host's file system and create or modify
executable files in sensitive locations.
NOTE: VMware Server is not affected because it doesn't use host to
guest shared folders. No versions of ESX Server, including
ESX Server 3i, are affected by this vulnerability. Because
ESX Server is based on a bare-metal hypervisor architecture
and not a hosted architecture, and it doesn't include any
shared folder abilities. Fusion and Linux based hosted
products are unaffected.
-------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2007-0006
Synopsis: Critical security updates for all supported
versions of VMware ESX Server, VMware Server,
VMware Workstation, VMware ACE, and
VMware Player
Issue date: 2007-09-18
Updated on: 2007-09-18
Summary
=======
A vulnerability exists in some Cisco Secure Access Control System
(ACS) versions that could allow a remote, unauthenticated attacker to
change the password of any user account to any value without
providing the account's previous password. Successful exploitation
requires the user account to be defined on the internal identity
store.
file that is hosted on a WebEx meeting site. The players can also be
manually installed for offline playback after downloading the
application from www.webex.com
If the WRF player was automatically installed, it will be
automatically upgraded to the latest, nonvulnerable version when
users access a recording file that is hosted on a WebEx meeting site.
If the WRF player was manually installed, users will need to manually
install a new version of the player after downloading the latest
version from www.webex.com
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01531379
Version: 1
HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Notes:
Effective May 2010, VMware's patch and update release program during
Extended Support will be continued with the condition that all
subsequent patch and update releases will be based on the latest
baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,
ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section
"End of Product Availability FAQs" at
http://www.vmware.com/support/policies/lifecycle/vi/faq.html for
details.
3. Problem Description
a. JRE Security Update
JRE update to version 1.5.0_20, which addresses multiple security
issues that existed in earlier releases of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
The following table displays the products that are affected by each
vulnerability that is described within this advisory.
+-------------------------------------------------------------------+
| | Products and Versions |
| | Affected |
|Vulnerability |-----------------------------|
| | Cisco ACE | Cisco ACE |
| | 4710 | Module |
| | Appliance | |
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01623905
Version: 1
HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Cisco WebEx meeting service. The Cisco WebEx meeting service
automatically downloads, installs, and configures Meeting Manager the
first time a user begins or joins a meeting.
When users connect to the WebEx meeting service, the WebEx Meeting
Manager is automatically upgraded to the latest version. There is a
manual workaround available for users who are not able to connect to
the WebEx meeting service.
Cisco WebEx is in the process of upgrading the meeting service
infrastructure with fixed versions of the affected file.
Unified Communications Manager.
Vulnerable Products
+------------------
The following Cisco Unified Communications Manager versions are
affected:
* Cisco Unified CallManager 4.1 versions prior to 4.1.3SR8
* Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR4b
* Cisco Unified CallManager 4.3 versions prior to 4.3(2)SR1a
Summary
=======
A vulnerability in the Internet Group Management Protocol (IGMP)
version 3 implementation of Cisco IOS Software and Cisco IOS XE
Software allows a remote unauthenticated attacker to cause a reload
of an affected device. Repeated attempts to exploit this
vulnerability could result in a sustained denial of service (DoS)
condition. Cisco has released free software updates that address this
vulnerability.
Vulnerable Products
+------------------
The following products are vulnerable:
* Cisco Unified CallManager 4.1 versions
* Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4b
* Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)SR1b
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3e)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(3)
* Cisco Unified Communications Manager 7.0 versions prior to 7.0(2)
=================
Vulnerable Products
+------------------
This vulnerability affects all versions of CiscoWorks Common
Services-based products running on Microsoft Windows
Common Services version 4.1 and later are not affected by this
vulnerability.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02048471
Version: 2
HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
VMware ESX 3.0.3 without patch ESX303-200811401-BG
VMware ESX 3.0.2 without patch ESX-1006980
NOTE: General Support for Workstation version 5.x ended on
2009-03-19. Users should plan to upgrade to the latest
Workstation version 6.x release.
Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08.
Users should plan to upgrade to ESX 3.0.3 and preferably to
Vulnerable Products
+------------------
The following products are vulnerable:
* Cisco Unified CallManager 4.1 versions
* Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
* Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)SR1
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3c)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(2)
=================
Vulnerable Products
-------------------
The following are the products and versions affected by each
vulnerability described within this advisory.
+---------------------------------------+
| Vulnerability | Product | Version |
| | Affected | Affected |
Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability
Advisory ID: cisco-sa-20110720-asr9k
Revision 1.0
Summary
=======
Cisco IOS® Software with support for Network Time Protocol (NTP)
version (v4) contains a vulnerability processing specific NTP packets
that will result in a reload of the device. This results in a remote
denial of service (DoS) condition on the affected device.
Cisco has released free software updates that address this
vulnerability.
Cisco ASA or Cisco PIX security appliances that are configured for IPsec
or SSL-based remote access VPN and have the Override Account Disabled
feature enabled are affected by this vulnerability.
Note: The Override Account Disabled feature was introduced in Cisco
ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1,
7.2, 8.0, and 8.1 are affected by this vulnerability. This feature is
disabled by default.
Crafted HTTP Packet DoS Vulnerability
+------------------------------------
Vulnerable Products
+------------------
These products are vulnerable:
* Cisco Unified CallManager 4.1 versions prior to 4.1.3SR7
* Cisco Unified Communications Manager 4.2 versions prior to 4.2(3)SR4
* Cisco Unified Communications Manager 4.3 versions prior to 4.3(2)
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(1)
=======
A vulnerability exists in the Cisco Firewall Services Module (FWSM)
- a high-speed, integrated firewall module for Cisco Catalyst 6500
switches and Cisco 7600 Series routers, that may result in a reload
of the FWSM. The only affected FWSM System Software Version is
3.2(3).
There are no known instances of intentional exploitation of this
issue. However, Cisco has observed data streams that appear to be
unintentionally triggering this vulnerability.
Affected Products
=================
Cisco ASA 5500 Series Adaptive Security Appliances are affected by
multiple vulnerabilities. Affected versions of Cisco ASA Software
vary depending on the specific vulnerability.
Vulnerable Products
+------------------
The Cisco FWSM for the Cisco Catalyst 6500 Series switches and Cisco
7600 Series routers is affected by multiple vulnerabilities. Affected
versions of Cisco FWSM Software vary depending on the specific
vulnerability. Refer to the "Software Version and Fixes" section for
specific information on vulnerable versions.
Syslog Message Memory Corruption Denial of Service Vulnerability
+---------------------------------------------------------------
=================
Vulnerable Products
+------------------
The following Cisco UCCX versions are vulnerable:
* Cisco UCCX version 6.0(x)
* Cisco UCCX version 7.0(x)
* Cisco UCCX version 8.0(x)
* Cisco UCCX version 8.5(x)