Lexa Software: Security-Alerts@yandex-team.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: Security-alerts

Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA22875] VMware ESX Server Multiple Vulnerabilities

To: <security-alerts@xxxxxxxxxxxxxx>
Subject: [security-alerts] FW: [SA22875] VMware ESX Server Multiple Vulnerabilities
From: "Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>
Date: Tue, 14 Nov 2006 16:35:06 +0300
Content-class: urn:content-classes:message
List-archive: <http://www.lexa.ru/security-alerts/> (Web Archive)
List-id: <security-alerts.yandex-team.ru>
List-subscribe: <mailto:majordomo@yandex-team.ru?body=subscribe%20security-alerts>
List-unsubscribe: <mailto:majordomo@yandex-team.ru?body=unsubscribe%20security-alerts>
Thread-index: AccH4HeYKCAlSzySR+K3r2xAY0RJtwAECJeA
Thread-topic: [SA22875] VMware ESX Server Multiple Vulnerabilities

> 
> TITLE:
> VMware ESX Server Multiple Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA22875
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/22875/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> Security Bypass, Exposure of sensitive information, DoS, System
> access
> 
> WHERE:
> From remote
> 
> OPERATING SYSTEM:
> VMware ESX Server 2.x
> http://secunia.com/product/2125/
> 
> DESCRIPTION:
> Some vulnerabilities, security issues, and a weakness have been
> reported in VMware ESX Server, which can be exploited by malicious,
> local users to bypass certain security restrictions and disclose
> potentially sensitive information, or by malicious people to cause a
> DoS (Denial of Service) and potentially compromise a vulnerable
> system.
> 
> For more information:
> SA15930
> SA16793
> SA19357
> SA19657
> SA19724
> SA19869
> SA20100
> SA20980
> 
> This also fixes a security issue is OpenSSH, which is caused due to
> an error in signaling child processes to terminate after the
> LoginGraceTime period has expired. This may be exploited to cause a
> DoS by preventing the daemon from accepting new connections.
> 
> SOLUTION:
> VMware ESX Server 2.0.2:
> Apply Upgrade Patch 2
> 
> VMware ESX Server 2.1.3:
> Apply Upgrade Patch 2
> 
> VMware ESX Server 2.5.3:
> Apply Upgrade Patch 4 (do not apply this patch to SunFire X4100 or
> X4200 servers).
> 
> VMware ESX Server 2.5.4:
> Apply Upgrade Patch 1
> 
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
> 
> ORIGINAL ADVISORY:
> http://www.vmware.com/download/esx/esx-253-200610-patch.html
> http://www.vmware.com/download/esx/esx-254-200610-patch.html
> http://www.vmware.com/download/esx/esx-213-200610-patch.html
> http://www.vmware.com/download/esx/esx-202-200610-patch.html
> 
> OTHER REFERENCES:
> SA15930:
> http://secunia.com/advisories/15930/
> 
> SA16793:
> http://secunia.com/advisories/16793/
> 
> SA19357:
> http://secunia.com/advisories/19357/
> 
> SA19657:
> http://secunia.com/advisories/19657/
> 
> SA19724:
> http://secunia.com/advisories/19724/
> 
> SA19869:
> http://secunia.com/advisories/19869/
> 
> SA20100:
> http://secunia.com/advisories/20100/
> 
> SA20980:
> http://secunia.com/advisories/20980/
>

Prev by Date: [security-alerts] FW: [SA22860] D-Link DWL-G132 Wireless Driver Beacon Rates Buffer Overflow
Next by Date: [security-alerts] FW: [SA22811] AVG Anti-Virus Multiple File Parsing Vulnerabilities
Previous by thread: [security-alerts] FW: [SA22860] D-Link DWL-G132 Wireless Driver Beacon Rates Buffer Overflow
Next by thread: [security-alerts] FW: [SA22811] AVG Anti-Virus Multiple File Parsing Vulnerabilities
Index(es):
- Date
- Thread