Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA22875] VMware ESX Server Multiple Vulnerabilities



> 
> TITLE:
> VMware ESX Server Multiple Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA22875
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/22875/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> Security Bypass, Exposure of sensitive information, DoS, System
> access
> 
> WHERE:
> From remote
> 
> OPERATING SYSTEM:
> VMware ESX Server 2.x
> http://secunia.com/product/2125/
> 
> DESCRIPTION:
> Some vulnerabilities, security issues, and a weakness have been
> reported in VMware ESX Server, which can be exploited by malicious,
> local users to bypass certain security restrictions and disclose
> potentially sensitive information, or by malicious people to cause a
> DoS (Denial of Service) and potentially compromise a vulnerable
> system.
> 
> For more information:
> SA15930
> SA16793
> SA19357
> SA19657
> SA19724
> SA19869
> SA20100
> SA20980
> 
> This also fixes a security issue is OpenSSH, which is caused due to
> an error in signaling child processes to terminate after the
> LoginGraceTime period has expired. This may be exploited to cause a
> DoS by preventing the daemon from accepting new connections.
> 
> SOLUTION:
> VMware ESX Server 2.0.2:
> Apply Upgrade Patch 2
> 
> VMware ESX Server 2.1.3:
> Apply Upgrade Patch 2
> 
> VMware ESX Server 2.5.3:
> Apply Upgrade Patch 4 (do not apply this patch to SunFire X4100 or
> X4200 servers).
> 
> VMware ESX Server 2.5.4:
> Apply Upgrade Patch 1
> 
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
> 
> ORIGINAL ADVISORY:
> http://www.vmware.com/download/esx/esx-253-200610-patch.html
> http://www.vmware.com/download/esx/esx-254-200610-patch.html
> http://www.vmware.com/download/esx/esx-213-200610-patch.html
> http://www.vmware.com/download/esx/esx-202-200610-patch.html
> 
> OTHER REFERENCES:
> SA15930:
> http://secunia.com/advisories/15930/
> 
> SA16793:
> http://secunia.com/advisories/16793/
> 
> SA19357:
> http://secunia.com/advisories/19357/
> 
> SA19657:
> http://secunia.com/advisories/19657/
> 
> SA19724:
> http://secunia.com/advisories/19724/
> 
> SA19869:
> http://secunia.com/advisories/19869/
> 
> SA20100:
> http://secunia.com/advisories/20100/
> 
> SA20980:
> http://secunia.com/advisories/20980/
> 



 




Copyright © Lexa Software, 1996-2009.