‫ VMware Products Multiple Vulnerabilities

IRCAD2013022517
ID: IRCAD2013022517
Release Date: 2013-02-22
Criticality level: Highly critical
 
Software:
VMware ESX Server 3.x
VMware ESX Server 4.x
VMware ESXi 3.x
VMware ESXi 4.x
VMware ESXi 5.x
VMware vCenter Server 4.x
VMware vCenter Server 5.x
VMware VirtualCenter 2.x
 
Description:
VMware has acknowledged multiple vulnerabilities in multiple VMware products, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
1) An error in the handling of the NFC (Network File Copy) protocol can be exploited to corrupt memory.
Successful exploitation requires the ability to conduct a MitM (Man-in-the-Middle) attack against a vCenter Server or ESXi/ESX system and a client.
2) The products bundle a vulnerable version of OpenSSL.
3) The products bundle a vulnerable version of Oracle Java.
Please see the vendor's advisory for a list of affected products and versions.
 
Solution
Apply patches (please see the vendor's advisory for details).
 
vCenter Server 5.1.0
Download link: 
Release Notes: 
 
vCenter Server 5.0 
Download link: 
Release Notes: 
 
vCenter Server 4.0 
Download link: 
Release Notes: 
 
VirtualCenter 2.5 
Download link: 
Release Notes: 
 
ESXi and ESX 
 
ESXi 5.1 
File: ESXi510-201212001.zip 
md5sum: 81d562c00942973f13520afac4868748 
sha1sum: ec1ff6d3e3c9b127252ba1b710c74119f1164786 
http://kb.vmware.com/kb/2035775 
ESXi510-201212001 contains ESXi510-201212102-SG
 
ESXi 5.0 
File: update-from-esxi5.0-5.0_update02.zip 
md5sum: ab8f7f258932a39f7d3e7877787fd198 
sha1sum: b65bacab4e38cf144e223cff4770501b5bd23334 
http://kb.vmware.com/kb/2033751 
update-from-esxi5.0-5.0_update02 contains ESXi500-201212102-SG
 
ESXi 4.1 
File: ESXi410-201211001.zip 
md5sum: f7da5cd52d3c314abc31fe7aef4e50d3 
sha1sum: a4d2232723717d896ff3b0879b0bdb3db823c0a1 
http://kb.vmware.com/kb/2036257 
ESXi410-201211001 contains ESXi410-201211402-BG
 
ESXi 4.0 
File: ESXi400-201302001.zip 
md5sum: 8fca17ca97669dd1d34c34902e8e7ddf 
sha1sum: 51d76922eb7116810622acdd611f3029237a5680 
http://kb.vmware.com/kb/2041344 
ESXi400-201302001 contains ESXi400-201302402-SG
 
ESXi 3.5 
File: ESXe350-201302401-O-SG.zip 
md5sum: a2c5f49bc865625b3796c41c202d1696 
sha1sum: 12d25011d9940ea40d45f77a4e5bcc7e7b0c0cee 
http://kb.vmware.com/kb/2042543 
ESXe350-201302401-O-SG.zip contains ESXe350-201302401-I-SG and ESXe350-201302403-C-SG
 
ESX 4.1 
File: ESX410-201211001.zip 
md5sum: c167bccc388661e329fc494df13855c3 
sha1sum: a8766b2eff68813a262d21a6a6ebeaae62e58c98 
http://kb.vmware.com/kb/2036254 
ESX410-201211001 contains ESX410-201211401-SG
 
ESX 4.0 
File: ESX400-201302001.zip 
md5sum: 5ca4276e97c19b832d778e17e5f4ba64 
sha1sum: 8d73cf062d8b23bd23f9b85d23f97f2888e4612f 
ESX400-201302001 contains ESX400-201302401-SG
 
ESX 3.5 
File: ESX350-201302401-SG.zip 
md5sum: e703cb0bc3e1eaa8932a96ea96f34a00 
sha1sum: 91dcf1bf7194a289652d0904dd7af8bce0a1d2dd 
 
References:
 
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 5 اسفند 1391

امتیاز

امتیاز شما
تعداد امتیازها:0