VMware vCenter Server Products Multiple Vulnerabilities

ID: IRCAD2013042661
Release Date: 2013-04-26
Criticality level: Highly critical
 
Software:
VMware vCenter Server 5.x
VMware vCenter Server Appliance 5.x
 
Description:
Multiple vulnerabilities have been reported in VMware vCenter Server products. Malicious users can exploit them to bypass certain security restrictions and compromise a vulnerable system; malicious people can exploit them to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
1) The authentication mechanism when using Active Directory (AD) with anonymous LDAP binding does not properly verify login credentials. This can be exploited to bypass authentication and log in as an arbitrary user by providing a valid user name and a blank password.
2) An error within the Virtual Appliance Management Interface (VAMI) can be exploited to execute existing files as root.
3) An error within the Virtual Appliance Management Interface (VAMI) can be exploited to upload malicious files to an arbitrary location.
4) The application bundles a vulnerable version of Java.
5) The application bundles a vulnerable version of Apache Tomcat.
The vulnerabilities are reported in version 5.1 without Update 1.
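Item 1 describes a login check that accepts a blank password when anonymous LDAP binding is in use. The following is an added example, not VMware's code: a Python model of LDAP simple bind (RFC 4513, where a bind with an empty password is an unauthenticated bind that does not verify the supplied name), with a flawed login check beside a hardened one. The directory contents, the DN and all function names are constructed for illustration.

```python
# Added example: toy model of LDAP simple bind; every name here is hypothetical.
from dataclasses import dataclass

# Constructed sample directory: DN -> password.
ALICE = "cn=alice,dc=example,dc=test"
DIRECTORY = {ALICE: "correct horse"}


@dataclass
class BindResult:
    ok: bool
    identity: str  # authorization identity the server assigned to the session


def simple_bind(dn: str, password: str, allow_anonymous: bool = True) -> BindResult:
    """Model of a directory server handling a simple bind (RFC 4513, 5.1)."""
    if password == "":
        # Empty password: the DN is NOT verified. Success only means an
        # anonymous session was opened, not that the caller is `dn`.
        return BindResult(allow_anonymous, "anonymous" if allow_anonymous else "")
    if DIRECTORY.get(dn) == password:
        return BindResult(True, dn)
    return BindResult(False, "")


def login_vulnerable(dn: str, password: str) -> bool:
    """Flawed check: treats any successful bind as proof of identity."""
    return simple_bind(dn, password).ok


def login_hardened(dn: str, password: str) -> bool:
    """Refuse empty credentials before binding, then confirm the bound identity."""
    if not dn or not password:
        return False
    result = simple_bind(dn, password)
    return result.ok and result.identity == dn


if __name__ == "__main__":
    # Columns: password tried, flawed check result, hardened check result.
    for pw in ("correct horse", "wrong", ""):
        print(repr(pw), login_vulnerable(ALICE, pw), login_hardened(ALICE, pw))
```

Disabling anonymous binding on the directory server closes the same gap from the server side, which the `allow_anonymous=False` path models.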
 
Solution:
Update to version 5.1 Update 1.
 
References:
 
Secunia:
 
 

 
Created: 7 Ordibehesht 1392
