VMware svr and client multiple vulns - updates available


119 replies to this topic

#51 AplusWebMaster

Posted 16 November 2010 - 12:20 PM

FYI...

- http://www.vmware.co...-2010-0016.html

VMSA-2010-0016 VMware ESXi and ESX third party updates...
- http://lists.vmware....010/000108.html
Nov 15 23:52:50 PST 2010
Advisory ID: VMSA-2010-0016
Synopsis: VMware ESXi and ESX third party updates for Service Console and Likewise components
Issue date: 2010-11-15
CVE numbers: CVE-2010-0415 CVE-2010-0307 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1437 CVE-2010-1088 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-4212 CVE-2010-1321 ...

- http://secunia.com/advisories/42280/
Release Date: 2010-11-16
Criticality level: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote ...
Solution Status: Vendor Patch ...
Original Advisory: VMSA-2010-0016:
http://lists.vmware....010/000108.html

- http://secunia.com/advisories/42240/

:!:

Edited by AplusWebMaster, 16 November 2010 - 05:41 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#52 AplusWebMaster

Posted 30 November 2010 - 08:05 AM

FYI...

- http://www.vmware.co...-2010-0017.html

VMSA-2010-0017 - VMware ESX Server update for kernel
- http://secunia.com/advisories/42384/
Release Date: 2010-11-30
Impact: Privilege escalation
Where: Local system
Solution Status: Partial Fix
... update for the Console OS (COS) kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Original Advisory: VMSA-2010-0017:
http://lists.vmware....010/000111.html
CVE reference:
- http://web.nvd.nist....d=CVE-2010-3081
Last revised: 11/19/2010
CVSS v2 Base Score: 7.2 (HIGH)

- http://lists.vmware....10/subject.html
Starting: Wed Jan 6 23:07:55 PST 2010
Ending: Mon Nov 29 22:34:15 PST 2010
Messages: 37

:!:

Edited by AplusWebMaster, 30 November 2010 - 12:40 PM.

#53 AplusWebMaster

Posted 03 December 2010 - 04:30 AM

FYI...

VMSA-2010-0018 VMware - ESX patches...
- http://www.vmware.co...-2010-0018.html
Advisory ID: VMSA-2010-0018
Synopsis: VMware hosted products and ESX patches resolve multiple security issues
Issue date: 2010-12-02
CVE numbers: CVE-2010-4295 CVE-2010-4296 CVE-2010-4297 CVE-2010-4294

- http://www.securityt....com/id?1024819
Dec 3 2010
- http://www.securityt....com/id?1024820
Dec 3 2010

:ph34r:

Edited by AplusWebMaster, 03 December 2010 - 07:53 AM.

#54 AplusWebMaster

Posted 07 December 2010 - 02:13 PM

FYI...

VMSA-2010-0019 VMware ESX third party updates for Service Console
- http://www.vmware.co...-2010-0019.html
Dec 7, 2010 - Advisory ID: VMSA-2010-0019
Synopsis: VMware ESX third party updates for Service Console
Issue date: 2010-12-07
CVE numbers:
- http://web.nvd.nist....d=CVE-2010-0405
- http://web.nvd.nist....d=CVE-2010-0590
- http://web.nvd.nist....d=CVE-2010-2409
- http://web.nvd.nist....d=CVE-2010-3069
- http://web.nvd.nist....d=CVE-2010-3555

- http://secunia.com/advisories/42467/
- http://secunia.com/advisories/42529/
- http://secunia.com/advisories/42530/
- http://secunia.com/advisories/42531/
Release Date: 2010-12-07

:ph34r:

Edited by AplusWebMaster, 07 December 2010 - 05:16 PM.

#55 AplusWebMaster

Posted 22 December 2010 - 05:24 AM

FYI...

VMSA-2010-0020 - VMware ESXi 4.1 Update Installer SFCB Authentication Flaw
- http://www.vmware.co...-2010-0020.html
Issue date: 2010-12-21
CVE number: CVE-2010-4573
ESXi 4.1 - Workaround described in VMware Knowledge Base Article KB 1031761:
http://kb.vmware.com/kb/1031761

- http://kb.vmware.com/kb/1017910

- http://secunia.com/advisories/42591/
Release Date: 2010-12-22
Criticality level: Moderately critical
Impact: Security Bypass
Where: From remote
... The security issue is reported in version 4.1.
Solution: Follow the vendor's workaround.

- http://www.securityt....com/id?1024917
Dec 22 2010

:ph34r:

Edited by AplusWebMaster, 22 December 2010 - 07:39 AM.

#56 AplusWebMaster

Posted 05 January 2011 - 10:48 AM

FYI...

VMSA-2011-0001 - VMware ESX 3rd party updates for Service Console
- http://secunia.com/advisories/42787/
Release Date: 2011-01-05
Impact: Privilege escalation, DoS, System access
Where: From local network
CVE Reference(s): CVE-2010-0211, CVE-2010-0212, CVE-2010-2956, CVE-2010-3847, CVE-2010-3856
Original Advisory: VMSA-2011-0001:
http://www.vmware.co...-2011-0001.html
Synopsis: VMware ESX third party updates for Service Console packages glibc, sudo, and openldap...

- http://isc.sans.edu/...l?storyid=10204
Last Updated: 2011-01-05 12:39:50 UTC

:ph34r:

Edited by AplusWebMaster, 05 January 2011 - 11:06 AM.

#57 AplusWebMaster

Posted 08 February 2011 - 10:34 AM

FYI...

VMSA-2011-0002 Cisco Nexus 1000V VEM updates
- http://www.vmware.co...-2011-0002.html
Synopsis: Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi
Issue date: 2011-02-07
CVE numbers: CVE-2011-0355
Relevant releases: The following VMware products could be affected by a denial of service vulnerability that is present in older versions of the Cisco Nexus 1000V virtual switch:
ESXi 4.1, ESXi 4.0, ESX 4.1, ESX 4.0

- http://www.securityt....com/id/1025030
Feb 8 2011

:!:

#58 AplusWebMaster

Posted 11 February 2011 - 03:03 PM

FYI...

Win 7 Patch Tuesday security updates break VMware software
- http://www.h-online....re-1188165.html
11 February 2011

- http://www.us-cert.g...ory_for_windows
February 11, 2011

VMSA-2011-0003 - 3rd party component updates...
- http://www.vmware.co...-2011-0003.html
2011-02-10
Synopsis: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Summary: Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues.
Relevant releases: vCenter Server 4.1 without Update 1, vCenter Update Manager 4.1 without Update 1, ESXi 4.1 without patch ESXi410-201101201-SG, ESX 4.1 without patch ESX410-201101201-SG...

:!: :!:

Edited by AplusWebMaster, 14 February 2011 - 06:32 AM.

#59 AplusWebMaster

Posted 08 March 2011 - 04:39 AM

FYI...

VMSA-2011-0004 VMware...
- http://www.vmware.co...-2011-0004.html
Synopsis: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
Issue date: 2011-03-07
CVE numbers: CVE-2010-3613 CVE-2010-3614 CVE-2010-3762 CVE-2010-3316 CVE-2010-3435 CVE-2010-3853 CVE-2010-2059 CVE-2010-3609 ...
1. Summary:
Service Location Protocol daemon (SLPD) denial of service issue and ESX 4.0 Service Console OS (COS) updates for bind, pam, and rpm.
2. Relevant releases:
VMware ESXi 4.1 without patch ESXi410-201101201-SG.
VMware ESXi 4.0 without patch ESXi400-201103401-SG.
VMware ESX 4.1 without patch ESX410-201101201-SG.
VMware ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103404-SG, ESX400-201103406-SG, ESX400-201103407-SG...
___

- http://secunia.com/advisories/43675/
Release Date: 2011-03-08
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS
- http://secunia.com/advisories/43601/
Release Date: 2011-03-08

- http://www.securityt....com/id/1025168
Mar 8 2011

:!:

Edited by AplusWebMaster, 08 March 2011 - 05:14 AM.

#60 AplusWebMaster

Posted 15 March 2011 - 12:00 PM

FYI...

VMSA-2011-0005 - VMware vCenter Orchestrator vuln
- http://www.vmware.co...-2011-0005.html
2011-03-14: 1. Summary:
A vulnerability in VMware vCenter Orchestrator(vCO) could allow remote execution.
2. Relevant releases:
VMware vCenter Orchestrator 4.1
VMware vCenter Orchestrator 4.0
3. Problem Description:
VMware vCenter Orchestrator is an application to automate management tasks. It embeds Apache Struts (version 2.0.11) which is a third party component. The following vulnerability has been reported in Apache Struts 2.0.11 or earlier. A remote execution of code vulnerability could allow malicious users to bypass the '#'-usage protection built into the ParametersInterceptor, which could allow server side context objects to be manipulated...
4. Solution: vCenter Orchestrator workaround for Apache Struts
- http://kb.vmware.com/kb/1034175

- http://secunia.com/advisories/43717/
Release Date: 2011-03-16
Criticality level: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Where: From local network
Original Advisory: VMSA-2011-0005:
http://www.vmware.co...-2011-0005.html
http://kb.vmware.com/kb/1034175

:!:

Edited by AplusWebMaster, 16 March 2011 - 09:24 AM.

#61 AplusWebMaster

Posted 30 March 2011 - 12:14 PM

FYI...

VMSA-2011-0006 - VMware vmrun utility local privilege escalation
- http://www.vmware.co...-2011-0006.html
Issue date: 2011-03-29
CVE numbers: http://cve.mitre.org...e=CVE-2011-1126
... installed in VMware Workstation by default.
- http://kb.vmware.com/kb/1035509

- http://secunia.com/advisories/43885/
Release Date: 2011-03-30
- http://secunia.com/advisories/43943/
Release Date: 2011-03-30

- http://www.securityt....com/id/1025270
Mar 30 2011

:!:

Edited by AplusWebMaster, 30 March 2011 - 12:16 PM.

#62 AplusWebMaster

Posted 28 April 2011 - 03:22 PM

FYI...

VMSA-2011-0007 - VMware ESXi 4.1 Security and Firmware Updates
- http://www.vmware.co...-2011-0007.html
2011-04-28
Synopsis: VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
Summary: VMware ESXi and ESX could encounter a socket exhaustion situation which may lead to a denial of service. Updates to Likewise components and to the ESX Service Console address security vulnerabilities...

- http://isc.sans.edu/...l?storyid=10786
Last Updated: 2011-04-28 17:23:27 UTC - "The patch resolves several security issues (CVE-2011-1786, CVE-2010-1324, CVE-2010-1323, CVE-2010-4020, CVE-2010-4021, and CVE-2011-1785) affecting OpenLDAP and KRB5. The full list of issues fixed with patch ESXi410-201104401-SG is available here* and the patch can be downloaded here**."

* http://kb.vmware.com/kb/1035108

** http://www.vmware.com/patch/download/
___

- http://www.securityt....com/id/1025452
Apr 28 2011

:!:

Edited by AplusWebMaster, 28 April 2011 - 08:49 PM.

#63 AplusWebMaster

Posted 06 May 2011 - 12:26 PM

FYI...

VMSA-2011-0008 - VMware ESXi and ESX - updates
- http://www.vmware.co...-2011-0008.html
2011-05-05
CVE numbers: CVE-2011-0426, CVE-2011-1788, CVE-2011-1789
Synopsis: VMware vCenter Server and vSphere Client security vulnerabilities
Summary: VMware vCenter Server directory traversal and information disclosure vulnerabilities. vSphere Client Installer is delivered through an unsigned package...
References: VMware KB 1021404
http://kb.vmware.com/kb/1021404

- http://www.securityt....com/id/1025502
May 6 2011

:!:

#64 AplusWebMaster

Posted 03 June 2011 - 07:57 AM

FYI...

VMSA-2011-0009 VMware multiple security issues...
- http://www.vmware.co...-2011-0009.html
Synopsis: VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
Issue date: 2011-06-02
CVE numbers: CVE-2009-4536, CVE-2010-1188, CVE-2009-3080, CVE-2010-2240, CVE-2011-2146, CVE-2011-1787, CVE-2011-2145, CVE-2011-2217...
Problem Description: VMware vmkernel third party e1000 Driver Packet Filter Bypass
There is an issue in the e1000 Linux driver for Intel PRO/1000 adapters that allows a remote attacker to bypass packet filters...

- http://secunia.com/advisories/44826/
- http://secunia.com/advisories/44837/
- http://secunia.com/advisories/44838/
- http://secunia.com/advisories/44839/
- http://secunia.com/advisories/44840/
Jun 3 2011

- http://www.securityt....com/id/1025601
- http://www.securityt....com/id/1025602
Jun 3 2011

:!: :ph34r:

#65 AplusWebMaster

Posted 29 July 2011 - 07:36 AM

FYI...

VMSA-2011-0010 - VMware ESX third party updates - Svc Console pkgs...
- http://www.vmware.co...-2011-0010.html
2011-07-28
CVE numbers: CVE-2010-0296, CVE-2011-0536, CVE-2011-0997, CVE-2011-1071, CVE-2011-1095
Summary: ESX Service Console OS (COS) updates to remediate vulnerabilities in glibc and dhcp... update for the console OS kernel package resolves four security issues...

- http://secunia.com/advisories/45467/
Release Date: 2011-07-29
Criticality level: Moderately critical
Impact: Privilege escalation, DoS, System access
Where: From local network ...
... The updates also include a fix for a regression introduced due to an earlier update not properly fixing CVE-2010-3847.
Solution: Apply patches if available...

:!: :ph34r:

#66 AplusWebMaster

Posted 12 August 2011 - 05:39 AM

FYI...

VMware vFabric tc Server vuln - updated
- http://www.securityt....com/id/1025923
Updated: Aug 12 2011
CVE Reference: CVE-2011-0527
Version(s): vFabric tc Server 2.0.0.RELEASE to 2.0.5.SR01, 2.1.0.RELEASE to 2.1.1.SR01
... Version 2.5.x is not affected.
Solution: The vendor has issued a fix (2.0.6.RELEASE, 2.1.2.RELEASE)...

- http://downloads.vmw...c_tc_server/2_1

- http://downloads.vmw...c_tc_server/2_0

:!:

#67 AplusWebMaster

Posted 05 October 2011 - 07:59 AM

FYI...

VMSA-2011-0011 VMware hosted products address remote code execution vuln
- http://www.vmware.co...-2011-0011.html
2011-10-04
CVE numbers: http://web.nvd.nist....d=CVE-2011-3868
1. Summary: Hosted product updates address a remote code execution vulnerability in the way UDF file systems are handled
2. Relevant releases:
VMware Workstation 7.1.4 and earlier
VMware Player 3.1.4 and earlier
VMware Fusion 3.1.2 and earlier ...

- https://secunia.com/advisories/46241/
Release Date: 2011-10-05
Criticality level: Moderately critical
Impact: System access
Where: From remote...
Solution: Update to version 7.1.5, 3.1.5, or 3.1.3...

- http://www.securityt....com/id/1026139
CVE Reference: CVE-2011-3868
Oct 5 2011
Impact: Execution of arbitrary code via network, User access via network...
Version(s): Workstation 7.1.4 and prior, Player 3.1.4 and prior, Fusion 3.1.2 and prior...

:ph34r:

Edited by AplusWebMaster, 09 October 2011 - 10:49 AM.

#68 AplusWebMaster

Posted 13 October 2011 - 10:56 AM

FYI...

VMSA-2011-0012 - VMware ESXi and ESX updates...
- http://www.vmware.co...-2011-0012.html
Synopsis: VMware ESXi and ESX updates to third party libraries and ESX Service Console
Issue date: 2011-10-12
CVE numbers:
COS Kernel --- CVE-2010-1083, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3296, CVE-2010-3432, CVE-2010-3442, CVE-2010-3477, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-3904, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4161, CVE-2010-4238, CVE-2010-4242, CVE-2010-4243, CVE-2010-4247, CVE-2010-4248, CVE-2010-4249, CVE-2010-4251, CVE-2010-4255, CVE-2010-4263, CVE-2010-4343, CVE-2010-4346, CVE-2010-4526, CVE-2010-4655, CVE-2011-0521, CVE-2011-0710, CVE-2011-1010, CVE-2011-1090, CVE-2011-1478
COS krb5 --- CVE-2010-1323, CVE-2011-0281, CVE-2011-0282
glibc library --- CVE-2010-0296, CVE-2011-0536, CVE-2011-1071, CVE-2011-1095, CVE-2011-1658, CVE-2011-1659
mpt2sas --- CVE-2011-1494, CVE-2011-1495 ...

- https://secunia.com/advisories/46397/
Release Date: 2011-10-13
Criticality level: Moderately critical
Impact: Security Bypass, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Original Advisory: VMware (VMSA-2011-0012):
http://www.vmware.co...-2011-0012.html

:!:

#69 AplusWebMaster

Posted 28 October 2011 - 07:01 AM

FYI...

VMSA-2011-0012.1
VMware ESXi and ESX updates to third party libraries and ESX Service Console
- http://www.vmware.co...-2011-0012.html
Updated on: 2011-10-27

VMSA-2011-0009.2
VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
- http://www.vmware.co...-2011-0009.html
Updated on: 2011-10-27

VMSA-2011-0010.2
VMware ESX third party updates for Service Console packages glibc and dhcp
- http://www.vmware.co...-2011-0010.html
Updated on: 2011-10-12
___

VMSA-2011-0013 - VMware third party component updates...
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
- http://www.vmware.co...-2011-0013.html
2011-10-27
Summary: Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues...
CVE numbers: --- openssl ---
CVE-2008-7270 CVE-2010-4180
--- libuser ---
CVE-2011-0002
--- nss, nspr ---
CVE-2010-3170 CVE-2010-3173
--- Oracle (Sun) JRE 1.6.0 ---
CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467 CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475 CVE-2010-4476
--- Oracle (Sun) JRE 1.5.0 ---
CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468 CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476 CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864 CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867 CVE-2011-0865
--- SFCB ---
CVE-2010-2054 ...
(See "Download links" and "Release Notes")

- https://secunia.com/advisories/46650/
Release Date: 2011-10-28
Criticality level: Highly critical
Impact: System access
Where: From remote...
Original Advisory: VMware (VMSA-2011-0013):
http://lists.vmware....011/000149.html

- https://secunia.com/advisories/46651/
Release Date: 2011-10-28
Criticality level: Highly critical ...
Impact: Hijacking, Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
Original Advisory: VMware (VMSA-2011-0013):
http://lists.vmware....011/000149.html

- https://secunia.com/advisories/46529/
Release Date: 2011-10-28
Criticality level: Highly critical ...
Impact: Hijacking, Security Bypass, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
Original Advisory: VMware (VMSA-2011-0013):
http://lists.vmware....011/000149.html

:!: :!:

Edited by AplusWebMaster, 01 November 2011 - 12:10 PM.

#70 AplusWebMaster

Posted 18 November 2011 - 05:28 AM

FYI...

VMSA-2011-0014 VMware vCenter Update Manager
VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
- http://www.vmware.co...-2011-0014.html
2011-11-17
Synopsis: VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability Server, vSphere Update Manager, ESXi and ESX
CVE numbers: CVE-2011-4404
Summary: Configuration update for VMware vSphere Update Manager's third party Jetty Web server component addresses directory traversal vulnerability.
Relevant releases:
vCenter Update Manager 4.1 prior to Update 2
vCenter Update Manager 4.0 prior to Update 4 ...
Download link:
http://downloads.vmw...are_vsphere/4_0
Release Notes:
https://www.vmware.c...s/vum_pubs.html

- http://www.securityt....com/id/1026341
CVE Reference: CVE-2011-4404
Date: Nov 18 2011
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): VMware vCenter Update Manager 4.0 prior to Update 4, 4.1 prior to Update 2
___

VMSA-2011-0013.1...
- http://www.vmware.co...-2011-0013.html
Synopsis: VMware third party component updates for VMware vCenter
Updated on: 2011-11-17
Change log: 2011-11-17 VMSA-2011-0013.1 Update of security advisory after the release of Update 4 for vCenter Server 4.0, vSphere Update Manager 4.0, vSphere Hypervisor (ESXi) 4.0 and ESX 4.0 on 2011-11-17.

VMSA-2011-0012.1...
- http://www.vmware.co...-2011-0012.html
Synopsis: VMware ESXi and ESX updates to third party libraries and ESX Service Console
Updated on: 2011-10-27
Change log: 2011-10-27 VMSA-2011-00012.1 Updated security advisory with the release of Update 2 for vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27.

:!: :ph34r:

Edited by AplusWebMaster, 19 November 2011 - 06:27 AM.

#71 AplusWebMaster

Posted 17 December 2011 - 11:01 AM

FYI...

VMSA-2011-0009.3 VMware...
- http://www.vmware.co...-2011-0009.html
Updated on: 2011-12-15
Synopsis: VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
Issue date: 2011-06-02
CVE numbers: CVE-2009-4536 CVE-2010-1188 CVE-2009-3080 CVE-2010-2240 CVE-2011-2146 CVE-2011-1787 CVE-2011-2145 CVE-2011-2217
Summary: VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues...

:ph34r:

#72 AplusWebMaster

Posted 31 January 2012 - 01:13 PM

FYI...

VMSA-2012-0001
- http://www.vmware.co...-2012-0001.html
Synopsis: VMware ESXi and ESX updates to third party library and ESX Service Console
Issue date: 2012-01-30 ...
... -many- CVEs/updates - see the site.

VMware ESXi Server fixes/updates
- https://secunia.com/advisories/47758/
Release Date: 2012-01-31
Criticality level: Moderately critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
... vulnerabilities are reported in versions 4.0 and 4.1...

VMware ESXi Server Python fixes/updates
- https://secunia.com/advisories/47608/
Release Date: 2012-01-31
Criticality level: Moderately critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote...
... vulnerabilities are reported in the versions 3.5, 4.0, 4.1, and 5.0...
___

VMSA-2011-0004.3
- http://www.vmware.co...-2011-0004.html
Issue date: 2011-03-07
Updated on: 2012-01-30

:!:

Edited by AplusWebMaster, 31 January 2012 - 05:36 PM.

#73 AplusWebMaster

Posted 09 March 2012 - 07:50 AM

FYI...

VMSA-2012-0002 - VMware vCenter Chargeback Mgr vuln
- http://www.securityt....com/id/1026778
Date: Mar 9 2012
CVE Reference: CVE-2012-1472
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information
Version(s): prior to 2.0.1
Vendor URL: http://www.vmware.co...-2012-0002.html
... VMware vCenter Chargeback Manager prior to version 2.0.1

VMSA-2012-0003 - VMware VirtualCenter Update and ESX 3.5 patch update JRE
- http://www.vmware.co...-2012-0003.html
Summary: VMware VirtualCenter Update 6b and ESX 3.5 patch update JRE...
Issue date: 2012-03-08
___

VMware New and Updated Advisories
- https://isc.sans.edu...l?storyid=12754
Last Updated: 2012-03-09 22:22:12 UTC

:ph34r:

Edited by AplusWebMaster, 15 March 2012 - 02:22 PM.

#74 AplusWebMaster

Posted 16 March 2012 - 08:12 AM

FYI...

VMSA-2012-0004 - VMware View privilege escalation and cross-site scripting
- http://www.vmware.co...-2012-0004.html
2012-03-15
CVE numbers: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510, CVE-2012-1511
Problem Description: The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on View virtual desktops...

- http://www.securityt....com/id/1026814
Date: Mar 16 2012
CVE Reference: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510, CVE-2012-1511
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system
Version(s): View 4.6.0 and prior ...

VMSA-2012-0005...
- http://www.vmware.co...-2012-0005.html
Issue date: 2012-03-15
Synopsis: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues...

- http://www.securityt....com/id/1026815
Date: Mar 16 2012
CVE Reference: CVE-2012-1514
Impact: Execution of arbitrary code via network, Modification of user information
Version(s): vShield Manager 4.0, 4.1 ...

- http://www.securityt....com/id/1026816
Date: Mar 16 2012
CVE Reference: CVE-2012-1513
Impact: Disclosure of authentication information
Version(s): vCO 4.0, 4.1, 4.2 ...

- http://www.securityt....com/id/1026817
Date: Mar 16 2012
CVE Reference: CVE-2012-1512
Impact: Execution of arbitrary code via network, Modification of user information
Version(s): vSphere 4.1, 5.0 ...

- http://www.securityt....com/id/1026818
Date: Mar 16 2012
CVE Reference: CVE-2012-1508, CVE-2012-1510
Impact: Execution of arbitrary code via local system, User access via local system
Version(s): ESX 4.0, 4.1; ESXi 4.0, 4.1, 5.0 ...
___

VMware New and Updated Security Advisories
- https://isc.sans.edu...l?storyid=12802
Last Updated: 2012-03-16 11:17:17 UTC

:!:

Edited by AplusWebMaster, 16 March 2012 - 09:13 AM.

#75 AplusWebMaster

Posted 30 March 2012 - 04:48 AM

FYI...

VMSA-2012-0006 - VMware ESXi and ESX
- http://www.vmware.co...-2012-0006.html
2012-03-29
CVE numbers: CVE-2012-1515, CVE-2011-2482, CVE-2011-3191, CVE-2011-4348, CVE-2011-4862
Summary: VMware ESXi and ESX address several security issues.
Relevant releases:
ESXi 4.1 without patch ESXi410-201101201-SG
ESXi 4.0 without patch ESXi400-201203401-SG
ESXi 3.5 without patch ESXe350-201203401-I-SG
ESX 4.1 without patch ESX410-201101201-SG
ESX 4.0 without patches ESX400-201203401-SG, ESX400-201203407-SG
ESX 3.5 without patch ESX350-201203401-SG
a. VMware ROM Overwrite Privilege Escalation...
b. ESX third party update for Service Console kernel...
c. ESX third party update for Service Console krb5 RPM...

VMware ESX Server vuln...
- https://secunia.com/advisories/48612/
Release Date: 2012-03-30
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote ...
Operating System: VMware ESX Server 4.x
CVE Reference(s): CVE-2011-2482, CVE-2011-3191, CVE-2011-4348, CVE-2011-4862

- https://secunia.com/advisories/48669/
Release Date: 2012-03-30
Criticality level: Less critical
Impact: Privilege escalation
Where: Local system ...
Operating System: VMware ESX Server 3.x, 4.x, VMware ESXi 3.x, 4.x
CVE Reference(s): CVE-2012-1515

- http://www.securityt....com/id/1026875
CVE Reference: CVE-2012-1515
Date: Mar 30 2012
Impact: Root access via local system, User access via local system
Version(s): ESX and ESXi 3.5, 4.0, 4.1...
Solution: The vendor has issued a fix...

:!: :ph34r:

Edited by AplusWebMaster, 30 March 2012 - 01:08 PM.

#76 AplusWebMaster

Posted 13 April 2012 - 04:31 AM

FYI...

VMSA-2012-0007 - VMware hosted products and ESXi/ESX patches...
- http://www.vmware.co...-2012-0007.html
2012-04-12
CVE numbers: CVE-2012-1518
1. Summary: VMware hosted products and ESXi/ESX patches address privilege escalation.
2. Relevant releases
Workstation 8.0.1 and earlier
Player 4.0.1 and earlier
Fusion 4.1.1 and earlier
ESXi 5.0 without patch ESXi500-201203102-SG
ESXi 4.1 without patch ESXi410-201201402-BG
ESXi 4.0 without patch ESXi400-201203402-BG
ESXi 3.5 without patch ESXe350-201203402-T-BG
ESX 4.1 without patch ESX410-201201401-SG
ESX 4.0 without patch ESX400-201203401-SG
ESX 3.5 without patch ESX350-201203402-BG
3. Problem Description
a. VMware Tools Incorrect Folder Permissions Privilege Escalation...

- http://www.securityt....com/id/1026922
Date: Apr 13 2012
CVE Reference: CVE-2012-1518
Impact: Root access via local system, User access via local system
Version(s): Workstation 8.0.1 and prior; Player 4.0.1 and prior; Fusion 4.1.1 and prior
Solution: The vendor has issued a fix (Workstation 8.0.2, Player 4.0.2, Fusion 4.1.2).
The vendor's advisory is available at:
http://www.vmware.co...-2012-0007.html

- http://www.securityt....com/id/1026923
Date: Apr 13 2012
CVE Reference: CVE-2012-1518
Impact: Root access via local system, User access via local system
Version(s): 3.5, 4.0, 4.1; ESXi 5.0
Impact: A local user on a Windows guest operating system can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix.
ESXi 5.0: ESXi500-201203102-SG
ESXi 4.1: ESXi410-201201402-BG
ESXi 4.0: ESXi400-201203402-BG
ESXi 3.5: ESXe350-201203402-T-BG
ESX 4.1: ESX410-201201401-SG
ESX 4.0: ESX400-201203401-SG
ESX 3.5: ESX350-201203402-BG
The vendor's advisory is available at:
http://www.vmware.co...-2012-0007.html

:ph34r:

Edited by AplusWebMaster, 16 April 2012 - 06:49 AM.

#77 AplusWebMaster

Posted 26 April 2012 - 06:38 AM

FYI...

VMware Security Note
- http://blogs.vmware....urity-note.html
April 24, 2012 - "Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe. The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available."

> http://h-online.com/-1559794
26 April 2012

> http://www.theinquir...ing-vmware-code
Apr 26 2012

> http://www.theregist...urce_code_leak/
25 April 2012

:ph34r: :ph34r:

Edited by AplusWebMaster, 26 April 2012 - 09:37 AM.

#78 AplusWebMaster

Posted 27 April 2012 - 07:51 AM

FYI...

VMSA-2012-0008 - VMware ESX updates to ESX Service Console
- http://www.vmware.co...-2012-0008.html
Synopsis: VMware ESX updates to ESX Service Console
Issue date: 2012-04-26
CVE numbers: CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3191, CVE-2011-4348, CVE-2012-0028, CVE-2011-3905, CVE-2011-3919
Relevant releases: ESX 4.1 without patches ESX410-201204401-SG,ESX410-201204402-SG...

- https://secunia.com/advisories/48959/
Release Date: 2012-04-27
Criticality level: Highly critical
Impact: Privilege escalation, DoS, System access
Where: From remote
... vulnerabilities are reported in versions 4.1 and 4.0.
Solution: Apply patches...
Original Advisory: VMSA-2012-0008:
http://www.vmware.co...-2012-0008.html

:!: :ph34r:

Edited by AplusWebMaster, 27 April 2012 - 07:57 AM.

#79 AplusWebMaster

Posted 03 May 2012 - 01:32 PM

FYI...

VMSA-2012-0009 - VMware Workstation, Player, ESXi, ESX patches ...
- http://www.vmware.co...-2012-0009.html
2012-05-03
Synopsis: VMware Workstation, Player, ESXi and ESX patches address critical security issues
CVE numbers: CVE-2012-1516, CVE-2012-1517, CVE-2012-2448, CVE-2012-2449, CVE-2012-2450
Relevant releases: Workstation 8.0.2, Player 4.0.2, Fusion 4.1.2,
ESXi 5.0 without patch ESXi500-201205401-SG,
ESXi 4.1 without patches ESXi410-201205401-SG, ESXi410-201110201-SG, ESXi410-201201401-SG
ESXi 4.0 without patches ESXi400-201105201-UG, ESXi400-201205401-SG
ESXi 3.5 without patch ESXe350-201205401-I-SG
ESX 4.1 without patches ESX410-201205401-SG, ESX410-201110201-SG, ESX410-201201401-SG
ESX 4.0 without patches ESX400-201105201-UG, ESX400-201205401-SG
Problem Description: VMware host memory overwrite vulnerability (data pointers)
Due to a flaw in the handler function for RPC commands, it is possible to manipulate data pointers within the VMX process. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.
Workaround: Configure virtual machines to use less than 4 GB of memory. Virtual machines that have less than 4GB of memory are not affected.
Mitigation: Do not allow untrusted users access to your virtual machines. Root or Administrator level permissions are not required to exploit this issue...
Solution: Please review the patch/release notes for your product and version and verify the checksum of your downloaded file...
___

- http://h-online.com/-1568119
4 May 2012

:ph34r: :ph34r:

Edited by AplusWebMaster, 04 May 2012 - 08:23 AM.

#80 AplusWebMaster

Posted 25 May 2012 - 02:49 PM

FYI...

VMSA-2012-0010 - VMware vMA security issue
- http://www.vmware.co...-2012-0010.html
2012-05-25
CVE numbers: CVE-2012-2752
Summary: VMware vMA addresses a security issue
Relevant releases: vMA 4.0, vMA 4.1, vMA 5 patch 1 (5.0.0.1)
Problem Description: VMware Library file loading Privilege Escalation
A flaw in the way library files are loaded could allow for privilege escalation...
Solution: Please review the patch/release notes for your product and version
vMA 5.0 - http://kb.vmware.com/kb/2021164
vSphere Management Assistant 5.0 Patch 2 (5.0.0.2)

Change log:
VMSA-2012-0010 Initial security advisory in conjunction with the release of vMA 5.0 patch 2 (5.0.0.2) ...
___

VMware vMA Library Loading Privilege Escalation Vuln
- https://secunia.com/advisories/49322/
Release Date: 2012-05-28
Impact: Privilege escalation
Where: Local system
CVE Reference: CVE-2012-2752
... vulnerability is reported in versions prior to 5.0.0.2.
Solution: Update to version 5.0.0.2.

- https://secunia.com/advisories/49300/
Release Date: 2012-05-28
Impact: Privilege escalation
Where: Local system
CVE Reference: CVE-2012-2752
... vulnerability is reported in versions 4.0 and 4.1.
Solution: Upgrade to version 5.0.0.2.

:ph34r:

Edited by AplusWebMaster, 29 May 2012 - 05:43 AM.

#81 AplusWebMaster

Posted 14 June 2012 - 06:43 AM

FYI...

VMSA-2012-0011 - ESXi and ESX patches address security issues
- http://www.vmware.co...-2012-0011.html
2012-06-14
CVE numbers: CVE-2012-3288, CVE-2012-3289
Summary: VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues...
Change log: 2012-06-14 VMSA-2012-0011 Initial security advisory in conjunction with the release of Workstation 7.1.6, Player 3.1.6, ACE 2.7.6, Workstation 8.0.4, Player 4.0.4, Fusion 4.1.3 and patches for ESXi and ESX 3.5, 4.0, 4.1 and 5.0 on 2012-06-13...

- https://secunia.com/advisories/49430/
Release Date: 2012-06-14
Impact: System access
Where: From remote...
... input validation error when parsing Checkpoint files and can be exploited to execute arbitrary code.
Original Advisory: http://www.vmware.co...-2012-0011.html

:!: :ph34r:

Edited by AplusWebMaster, 14 June 2012 - 11:35 AM.

#82 AplusWebMaster

Posted 13 July 2012 - 09:36 AM

FYI...

VMSA-2012-0012 VMware ESXi update to third party library
- http://www.vmware.co...-2012-0012.html
2012-07-12
CVE numbers: CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919, CVE-2012-0841
1. Summary: VMware ESXi update addresses several security issues.
2. Relevant releases: ESX 5.0 without patch ESXi500-201207101-SG
3. Problem Description: ESXi update to third party component libxml2
The libxml2 third party library has been updated which addresses multiple security issues...

- https://secunia.com/advisories/49858/
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote...
... vulnerabilities are reported in version 5.0
Solution: Apply patch ESXi500-201207001.
Original Advisory: VMSA-2012-0012:
http://www.vmware.co...-2012-0012.html

- https://secunia.com/advisories/49930/
Release Date: 2012-07-13
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote...
... The vulnerabilities are reported in versions 4.1, 4.0, and 3.5.
Solution: Patches are currently pending.
Original Advisory: VMSA-2012-0012:
http://www.vmware.co...-2012-0012.html

:!: :ph34r:

#83 AplusWebMaster

Posted 17 August 2012 - 09:21 AM

FYI...

VMware Workstation/Player multiple vulns
- https://secunia.com/advisories/50093/
Release Date: 2012-08-17
Impact: Privilege escalation
Where: Local system
... vulnerabilities are reported in the following products:
* VMware Workstation -prior- to version 7.1.6.
* VMware Player -prior- to versions 3.1.6.
... For more information see vulnerabilities #1, #3, and #4 in: https://secunia.com/SA49019/
Solution: Update to a fixed version.
Original Advisory: http://www.vmware.co...-2012-0009.html
VMSA-2012-0009.2
Synopsis: VMware Workstation, Player, Fusion, ESXi and ESX patches address critical security issues
CVE numbers:
- http://web.nvd.nist....d=CVE-2012-1516 - 9.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-1517 - 9.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2448 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2449 - 9.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2450 - 9.0 (HIGH)
Summary: VMware Workstation, Player, Fusion, ESXi and ESX patches address critical security issues...
Change log: 2012-06-13 VMSA-2012-0009.2 Updated Relevant Releases, Problem Description, and Solution sections to include information regarding updates for Workstation 7 and Fusion 4 in conjunction with the release of Workstation 7.1.6 and Fusion 4.1.3 on 2012-06-13...

Workstation 7.1.6 Release Notes
- https://www.vmware.c...otes_ws716.html

Player 3.1.6 Release Notes
- https://www.vmware.c..._player316.html
___

>> http://www.symantec....irtual-machines
20 Aug 2012 - "... threat searches for a VMware virtual machine image on the compromised computer and, if it finds an image, it mounts the image and then copies itself onto the image by using a VMware Player tool... may be the first malware that attempts to spread onto a virtual machine..."

:!:

Edited by AplusWebMaster, 22 August 2012 - 09:01 AM.

#84 AplusWebMaster

Posted 31 August 2012 - 09:07 AM

FYI...

VMSA-2012-0013 - VMware vSphere and vCOps updates ...
- http://www.vmware.co...-2012-0013.html
2012-08-30
Summary: VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities...
CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, CVE-2012-1583
- https://secunia.com/advisories/50473/
Criticality level: Highly critical ...
- https://secunia.com/advisories/50476/
Criticality level: Highly critical ...
- https://secunia.com/advisories/50479/
Criticality level: Highly critical ...

VMSA-2012-0012.1 - VMware ESXi update to third party library
- http://www.vmware.co...-2012-0012.html
Updated on: 2012-08-30
CVE numbers: CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919, CVE-2012-0841 ...

VMSA-2012-0005.1 - VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
- http://www.vmware.co...-2012-0005.html
Updated on: 2012-06-13
CVE numbers: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510, CVE-2012-1512, CVE-2012-1513, CVE-2012-1514, CVE-2011-3190, CVE-2011-3375, CVE-2012-0022, CVE-2010-0405 ...

:!: :ph34r:

#85 AplusWebMaster

Posted 15 September 2012 - 01:32 PM

FYI...

VMSA-2012-0013.1 - VMware vSphere and vCOps updates to third party libraries
- http://www.vmware.co...-2012-0013.html
Updated on: 2012-09-12
Summary: VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities...
Change log:
2012-08-30 VMSA-2012-0013 Initial security advisory in conjunction with the release of vSphere 4.1 U3 and vCOps 5.0.3 on 2012-08-30.
2012-09-12 VMSA-2012-0013.1 Updated security advisory in conjunction with the release of vSphere 4.0 U4a and ESX 4.0 patches on 2012-09-12...

:ph34r:

#86 AplusWebMaster

Posted 05 October 2012 - 05:57 AM

FYI...

VMSA-2012-0014 VMware
- http://www.vmware.co...-2012-0014.html
Synopsis: VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates
2012-10-04
CVE numbers:
- http://web.nvd.nist....d=CVE-2012-4897
- http://web.nvd.nist....d=CVE-2012-5050
- http://web.nvd.nist....d=CVE-2012-5051
... multiple security vulnerabilities.
Relevant releases:
vCenter Operations prior to 5.0.x
vCenter CapacityIQ 1.5.x
Movie Decoder prior to 9.0

- http://www.securityt....com/id/1027611
CVE Reference: CVE-2012-4897
Oct 5 2012
Impact: Execution of arbitrary code via network, User access via network
Solution: The vendor has issued a fix (9.0).
... advisory is available at:
http://www.vmware.co...-2012-0014.html

- http://www.securityt....com/id/1027612
CVE Reference: CVE-2012-5050
Oct 5 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Solution: The vendor has issued a fix (5.0).
... advisory is available at:
http://www.vmware.co...-2012-0014.html

- http://www.securityt....com/id/1027613
CVE Reference: CVE-2012-5051
Oct 5 2012
Impact: Disclosure of system information, Disclosure of user information
Solution: The vendor has issued a fix (vCOps 5.0.x).
... advisory is available at:
http://www.vmware.co...-2012-0014.html

:!:

Edited by AplusWebMaster, 06 October 2012 - 09:11 AM.

#87 AplusWebMaster

Posted 05 November 2012 - 07:30 AM

FYI...

VMware Security Note
- https://blogs.vmware...ity-note-3.html
"Today, Nov. 4, 2012, our security team became aware of the public posting of VMware ESX source code dating back to 2004. This source code is related to the source code posted publicly on April 23, 2012. (For reference: April 24, 2012* and May 3, 2012**). It is possible that more related files will be posted in the future. We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate.
Ensuring customer security is our top priority. As a matter of best practices with respect to security, VMware strongly encourages all customers to apply the latest product updates and security patches made available for their specific environment. We also recommend customers review our security hardening guides. By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected. As is our practice, VMware will continue to assess any further security risks, and will provide recommendations and updates here as appropriate."

* http://blogs.vmware....ity-note-2.html

** http://blogs.vmware....urity-note.html
___

- https://threatpost.c...d-online-110412
Nov. 4, 2012

:ph34r: :ph34r:

#88 AplusWebMaster

Posted 09 November 2012 - 08:47 AM

FYI...

VMSA-2012-0015 VMware Security Advisory
- https://www.vmware.c...-2012-0015.html
Synopsis: VMware Hosted Products and OVF Tool address security issues
2012-11-08
CVE numbers:
- https://web.nvd.nist...d=CVE-2012-3569 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2012-5458 - 8.3 (HIGH)
- https://web.nvd.nist...d=CVE-2012-5459 - 7.9 (HIGH)
1. Summary: VMware Hosted products and OVFTool patches address several security issues.
2. Relevant releases: OVF Tool 2.1, Workstation 8.0.4, Player 4.0.4 ...

- http://www.securityt....com/id/1027742
CVE Reference: CVE-2012-3569, CVE-2012-5458, CVE-2012-5459
Date: Nov 9 2012
Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Version(s): Workstation 8.0.4, Player 4.0.4, OVF Tool 2.1 ...
Solution: The vendor has issued a fix (Workstation 8.0.5, Player 4.0.5, OVF Tool 3.0.1)...
Vendor URL: http://www.vmware.co...-2012-0015.html

:ph34r: :ph34r:

Edited by AplusWebMaster, 14 November 2012 - 04:02 PM.

#89 AplusWebMaster

Posted 16 November 2012 - 06:09 AM

FYI...

VMSA-2012-0016 - vSphere API and ESX Service Console
- https://www.vmware.c...-2012-0016.html
2012-11-15
Synopsis: VMware security updates for vSphere API and ESX Service Console
CVE numbers: --- vSphere API --
CVE-2012-5703
--- bind (service console) ---
CVE-2012-1033, CVE-2012-1667, CVE-2012-3817
--- python (service console) ---
CVE-2011-4940, CVE-2011-4944, CVE-2012-1150
--- expat (service console) ---
CVE-2012-0876, CVE-2012-1148
--- nspr and nss (service console) ---
CVE-2012-0441
Summary: VMware has updated the vSphere API to address a denial of service vulnerability in ESX and ESXi. VMware has also updated the ESX Service Console to include several open source security updates...

- http://www.securityt....com/id/1027782
Nov 16 2012
Impact: Denial of service via network
Version(s): 4.1
Description: A vulnerability was reported in VMware ESX/ESXi. A remote user can cause denial of service conditions...
Solution: The vendor has issued a fix...
Vendor URL: https://www.vmware.c...-2012-0016.html

VMware ESX Server Multiple Vulnerabilities
- https://secunia.com/advisories/51317
Release Date: 2012-11-16
Criticality level: Moderately critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS
Where: From remote...
... vulnerabilities are reported in versions 4.0 and 4.1.
Original Advisory: VMware:
http://www.vmware.co...-2012-0016.html

VMware ESXi vSphere API Denial of Service Vulnerability
- https://secunia.com/advisories/51263
Release Date: 2012-11-16
Impact: DoS
Where: From local network
... vulnerability is reported in version 4.1.
Original Advisory: VMware:
http://www.vmware.co...-2012-0016.html

:ph34r:

Edited by AplusWebMaster, 18 November 2012 - 08:14 AM.

#90 AplusWebMaster

Posted 14 December 2012 - 08:12 AM

FYI...

VMSA-2012-0017 - VMware View Server
- https://www.vmware.c...-2012-0017.html
Advisory ID: VMSA-2012-0017
Synopsis: VMware View Server directory traversal
Issue date: 2012-12-13
CVE numbers: CVE-2012-5978
1. Summary: VMware View releases address a critical directory traversal vulnerability in the View Connection Server and View Security Server.
2. Relevant releases
- VMware View 5.x prior to version 5.1.2
- VMware View 4.x prior to version 4.6.2
3. Problem Description
a. VMware View Server directory traversal: VMware View contains a critical directory traversal vulnerability that allows an unauthenticated remote attacker to retrieve arbitrary files from affected View Servers. Exploitation of this issue may expose sensitive information stored on the server.
Workarounds: This vulnerability affects both the View Connection Server and the View Security Server; VMware recommends that customers immediately update both servers to a fixed version of View.
Customers who are unable to immediately update their View Servers should consider the following options:
- Disable Security Server: Disabling the Security Server will prevent exploitation of this vulnerability over untrusted remote networks. To restore functionality for remote users, allow them to connect to the Connection Server via a VPN.
- Block directory traversal attempts: It may be possible to prevent exploitation of this issue by blocking directory traversal attacks with an intrusion protection system or application layer firewall...
___

- http://www.securityt....com/id/1027875
CVE Reference: CVE-2012-5978
Dec 14 2012
Impact: Disclosure of system information, Disclosure of user information
Version(s): 4.x prior to 4.6.2, 5.x prior to 5.1.2
Impact: A remote user can view arbitrary files on the target system.
Solution: The vendor has issued a fix (View Server 4.6.2, 5.1.2)...

- https://secunia.com/advisories/51597/
Release Date: 2012-12-14
Criticality level: Moderately critical
Impact: Exposure of sensitive information
Where: From remote...
CVE Reference: CVE-2012-5978
Solution: Update to version 5.1.2 or 4.6.2.

:ph34r:

Edited by AplusWebMaster, 14 December 2012 - 09:39 AM.

#91 AplusWebMaster

Posted 21 December 2012 - 10:21 AM

FYI...

VMSA-2012-0018 - security updates for vCSA and ESXi
- https://www.vmware.c...-2012-0018.html
Synopsis: VMware security updates for vCSA and ESXi
Issue date: 2012-12-20
Summary: VMware has updated vCenter Server Appliance (vCSA) and ESX to address multiple security vulnerabilities
Relevant releases: vCenter Server Appliance 5.1 without Patch 1, vCenter Server Appliance 5.0 without Update 2, VMware ESXi 5.1 without patch ESXi510-201212101, VMware ESXi 5.0 without patch ESXi500-201212101
Solution: ESXi and ESX - The download for ESXi -includes- vCenter Server Appliance...
ESXi 5.1: http://kb.vmware.com/kb/2035775
ESXi 5.0: http://kb.vmware.com/kb/2033751 ...
Host Reboot Required: Yes
Virtual Machine Migration or Shutdown Required: Yes

- https://secunia.com/advisories/51555/
Release Date: 2012-12-21
Criticality level: Moderately critical
Impact: Privilege escalation, DoS, System access
Where: From remote
CVE Reference(s): CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480
... vulnerabilities are reported in versions 5.1 and 5.0.
Solution: Apply patches.
Original Advisory: https://www.vmware.c...-2012-0018.html

- https://secunia.com/advisories/46859/
Release Date: 2012-12-21
Impact: Exposure of sensitive information
Where: From local network
CVE Reference(s): CVE-2012-6324, CVE-2012-6325
Original Advisory: https://www.vmware.c...-2012-0018.html
___

VMSA-2012-0013.2
- https://www.vmware.c...-2012-0013.html
Change log: 2012-12-20 VMSA-2012-0013.2
Updated security advisory in conjunction with the release of vCenter Server, ESX 5.0 Update 2 on 2012-12-20.

VMSA-2012-0005.4 - 2012-12-20
- https://www.vmware.c...-2012-0005.html
Updated security advisory in conjunction with the release of vSphere 5.0 Update 2 on 2012-12-20.


:ph34r: :!:


Edited by AplusWebMaster, 11 April 2013 - 11:56 AM.

#92 AplusWebMaster

Posted 01 February 2013 - 05:38 AM

FYI...

VMSA-2013-0001 VMware vSphere security updates... third party libraries
- https://www.vmware.c...-2013-0001.html
2013-01-31
CVE numbers:  vSphere authentication CVE-2013-1405
- libxml2 CVE-2011-3102, CVE-2012-2807
- bind (service console) CVE-2012-4244
- xslt (service console) CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871
Summary: VMware vSphere security updates for the authentication service and third party libraries
Relevant releases:
vCenter Server 4.1 without Update 3a
vSphere Client 4.1 without Update 3a
ESXi 4.1 without patch ESXi410-201301401-SG
ESX 4.1 without patches ESX410-201301401-SG, ESX410-201301402-SG, ESX410-201301403-SG, and ESX410-201301405-SG
Problem Description: VMware vSphere client-side authentication memory corruption vulnerability...
Download link:
https://downloads.vm...are_vsphere/4_1
Release Notes:
https://www.vmware.c..._rel_notes.html ...
 

:ph34r:


#93 AplusWebMaster

Posted 08 February 2013 - 06:28 AM

FYI...

VMSA-2013-0002 Workstation, Fusion, and View 'VMCI.SYS' Driver Flaw...
- http://www.securityt....com/id/1028100
CVE Reference: CVE-2013-1406
Feb 8 2013
Impact: Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Workstation 8.x prior to 8.0.5, Workstation 9.0; Fusion 4.x prior to 4.1.4 and 5.x prior to 5.0.2; View 4.x prior to 4.6.2, 5.x prior to 5.1.2 ...
Solution: The vendor has issued a fix (Workstation 8.0.5, 9.0.1; Fusion 4.1.4, 5.0.2; View 4.6.2, 5.1.2).

VMSA-2013-0002 ESX/ESXi 'VMCI.SYS' Driver Flaw...
- http://www.securityt....com/id/1028101
CVE Reference: CVE-2013-1406
Feb 8 2013
Impact: Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): ESX/ESXi 4.0, 4.1, ESXi 5.0, 5.1
Solution: The vendor has issued a fix.
ESXi 5.1: ESXi510-201212102-SG, ESXi 5.0: ESXi500-201212102-SG, ESXi 4.1: ESXi410-201211402-BG, ESXi 4.0: ESXi400-201302402-SG. ESX 4.1: ESX410-201211401-SG, ESX 4.0: ESX400-201302401-SG
...The vendor's advisory is available at:
- http://www.vmware.co...-2013-0002.html

VMSA-2013-0001.1
- https://www.vmware.c...-2013-0001.html
2013-02-07 VMSA-2013-0001.1
Updated security advisory to include vCenter 4.0 Update 4b and patches for ESX 4.0.

:ph34r: :ph34r:


Edited by AplusWebMaster, 08 February 2013 - 07:35 PM.

#94 AplusWebMaster

Posted 22 February 2013 - 05:59 AM

FYI...

VMSA-2013-0003 - VMware vCenter Server, ESXi and ESX security issues
- http://www.vmware.co...-2013-0003.html
2013-02-21
Summary: VMware has updated VMware vCenter Server, ESXi and ESX to address a vulnerability in the Network File Copy (NFC) Protocol. This update also addresses multiple security vulnerabilities in third party libraries used by VirtualCenter, ESX and ESXi...
References:
vSphere NFC - CVE-2013-1659
OpenSSL - CVE-2012-2110
JRE - http://www.oracle.co...012-366318.html ...
Change log:
2013-02-21 VMSA-2013-0003
Initial security advisory in conjunction with the release of VirtualCenter 2.5 U6c and ESX 3.5 patches on 2013-02-21...
___


- http://www.securityt....com/id/1028202

- http://www.securityt....com/id/1028200

- http://www.securityt....com/id/1028199
___

VMSA-2013-0001.2
- https://www.vmware.c...-2013-0001.html
2013-02-21 VMSA-2013-0001.2
Updated security advisory to include vCenter 2.5 Update U6c and patches for ESX 3.5 released on 2013-02-21.

VMSA-2012-0018.1
- https://www.vmware.c...-2012-0018.html
2013-02-21 VMSA-2012-0018.1
Updated security advisory to add section 3d, which documents CVE-2012-6326.

- http://h-online.com/-1808480
22 Feb 2013



Edited by AplusWebMaster, 25 February 2013 - 05:09 AM.



#95 AplusWebMaster


Posted 29 March 2013 - 08:21 AM

FYI...

VMSA-2013-0004 - VMware ESXi security update for third party library
- https://secunia.com/advisories/52844/
Release Date: 2013-03-29
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Operating System: VMware ESX Server 4.x, VMware ESXi 4.x, VMware ESXi 5.x
CVE Reference: https://web.nvd.nist...d=CVE-2012-5134 - 6.8
For more information see: https://secunia.com/SA48000/
... vulnerability is reported in ESXi versions 5.1, 5.0, 4.1, and 4.0 and ESX versions 4.1 and 4.0.
Solution: Apply patches if available.
Original Advisory: http://www.vmware.co...-2013-0004.html
2013-03-28 - "... ESXi userworld libxml2 library has been updated to resolve a security issue..."
- https://www.vmware.c...download.portal
___

VMSA-2013-0001.3
- https://www.vmware.c...-2013-0001.html
2013-03-28 VMSA-2013-0001.3
Updated security advisory for issue... due to ESXi 5.0 update released on 2013-03-28.
 



Edited by AplusWebMaster, 30 March 2013 - 12:06 AM.



#96 AplusWebMaster


Posted 05 April 2013 - 05:49 AM

FYI...

VMSA-2013-0005 - VMware vFabric Postgres security updates
- https://secunia.com/advisories/52906/
Release Date: 2013-04-05
Impact: Security Bypass, Brute force, DoS
Where: From local network
CVE Reference(s): CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
For more information: https://secunia.com/SA52837/
... vulnerabilities are reported in versions 9.2.2 and prior and versions 9.1.6 and prior.
Solution: Update to version 9.2.4 or 9.1.9.
Original Advisory:
- http://www.vmware.co...-2013-0005.html
2013-04-04
CVE numbers: CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
Summary: VMware vFabric Postgres releases address several security vulnerabilities
Relevant Releases:
VMware vFabric Postgres 9.2.2 and earlier
VMware vFabric Postgres 9.1.6 and earlier...
The most serious of these issues, CVE-2013-1899, allows for remote deletion of files from the vFabric Postgres data directory. In case vFabric Postgres is not listening for external incoming traffic the issue cannot be exploited remotely.
Mitigation: Disallowing incoming external traffic will mitigate the issue for CVE-2013-1899. Details can be found in http://www.postgresq...connection.html ...

Release notes:
vFabric Postgres 9.2.4 | 4 Apr 2013
https://www.vmware.c...ease-notes.html
vFabric Postgres 9.1.9 | 4 Apr 2013
https://www.vmware.com/support/vfabric-postgres/doc/vfabric-postgres-916-release-notes.html   

- https://blogs.vmware...c-postgres.html

- http://www.postgresq...bout/news/1456/
2013-04-04
 





#97 AplusWebMaster


Posted 26 April 2013 - 05:34 AM

FYI...

VMSA-2013-0006 VMware security updates ...
- https://www.vmware.c...-2013-0006.html
2013-04-25
Summary: VMware has updated vCenter Server Appliance (vCSA) and vCenter Server running on Windows to address multiple security vulnerabilities.
Relevant Releases: vCenter Server 5.1 without Update 1 ...
CVE numbers: CVE-2013-3107, CVE-2013-3079, CVE-2013-3080
--- tomcat ---
CVE-2012-5885, CVE-2012-5886, CVE-2012-5887, CVE-2012-2733,
CVE-2012-4534, CVE-2012-3546, CVE-2012-4431
--- JRE --- See references ...
Change log: 2013-04-25 VMSA-2013-0006
Initial security advisory in conjunction with the release of VMware vSphere 5.1 Update 1 on 2013-04-25...
Download link:
https://downloads.vm...are_vsphere/5_1
Release Notes:
http://www.vmware.co...ease-notes.html

- https://secunia.com/advisories/53180/
Release Date: 2013-04-26
Criticality level: Highly critical
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
For more information:
https://secunia.com/SA50949/
https://secunia.com/SA51138/
https://secunia.com/SA51425/
Solution: Update to version 5.1 Update 1...

- https://secunia.com/advisories/53218/  
Release Date: 2013-04-26
Criticality level: Highly critical
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
... vulnerabilities are caused due to a bundled vulnerable version of Java.
For more information: https://secunia.com/SA50949/
The vulnerabilities are reported in the following products and versions:
* vCenter Server version 5.0
* vCenter Server version 4.1
* Update Manager version 5.1
* Update Manager version 5.0
* ESX version 4.1
Solution: Apply patch if available...
 



Edited by AplusWebMaster, 26 April 2013 - 11:01 AM.



#98 AplusWebMaster


Posted 31 May 2013 - 06:32 AM

FYI...

VMSA-2013-0007 - VMware ESX third party update for Service Console package sudo
- https://www.vmware.c...-2013-0007.html
2013-05-30
CVE numbers:
- https://web.nvd.nist...d=CVE-2012-2337 - 7.2 (HIGH)
- https://web.nvd.nist...d=CVE-2012-3440 - 5.6
ESXi and ESX
- https://www.vmware.c...download.portal
ESX 4.0
File: ESX400-201305001.zip
md5sum: c9ac91d3d803c7b7cb9df401c20b91c0
sha1sum: 7f5cef274c709248daa56d8c0e6fcc1ba86ae411
- https://kb.vmware.com/kb/2044240
ESX400-201305001 contains ESX400-201305402-SG ...

- https://secunia.com/advisories/53663/
Release Date: 2013-05-31
Impact: Security Bypass, Manipulation of data
Where: From local network...
For more information:
- https://secunia.com/SA49219/
- https://secunia.com/SA50178/
The security issue and the vulnerability are reported in versions 4.0 and 4.1.
Original Advisory: http://www.vmware.co...-2013-0007.html
___

VMSA-2013-0001.5
- https://www.vmware.c...-2013-0001.html
Change log: VMSA-2013-0001.5
Updated security advisory in conjunction with the release of ESX 4.0 patches on 2013-05-30.

VMSA-2013-0004.3
- https://www.vmware.c...-2013-0004.html
Change log: VMSA-2013-0004.3
Updated security advisory in conjunction with the release of ESX 4.0 patch on 2013-05-30.
 



Edited by AplusWebMaster, 01 June 2013 - 01:35 PM.



#99 AplusWebMaster


Posted 11 June 2013 - 01:54 PM

FYI...

VMSA-2013-0008 - VMware vCenter Chargeback Manager Remote Code Execution
- https://www.vmware.c...-2013-0008.html
2013-06-11 (initial advisory)
CVE numbers: https://web.nvd.nist...d=CVE-2013-3520 - 7.5 (HIGH)
Summary: The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution...
Download link:
https://downloads.vm..._chargeback/2_5
Release Notes:
https://www.vmware.c...ease_notes.html
___

- http://www.securityt....com/id/1028653
CVE Reference: CVE-2013-3520
Jun 11 2013
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes, Vendor Confirmed: Yes
Version(s): Chargeback Manager prior to 2.5.1...
Vendor URL: https://www.vmware.c...-2013-0008.html
 



Edited by AplusWebMaster, 21 June 2013 - 10:31 AM.



#100 AplusWebMaster


Posted 01 August 2013 - 12:18 PM

FYI...

VMware VMSA-2013-0009 - VMware ESX and ESXi updates to third party libraries
- http://www.vmware.co...-2013-0009.html
2013-07-31
CVE numbers:
--- OpenSSL ---
CVE-2013-0169, CVE-2013-0166
--- libxml2 (COS and userworld) ---
CVE-2013-0338
--- GnuTLS (COS) ---
CVE-2013-2116
--- Kernel (COS) ---
CVE-2013-0268, CVE-2013-0871
Summary: VMware has updated several third party libraries in ESX and ESXi to address multiple security vulnerabilities.
Relevant Releases:
VMware ESXi 4.1 without patch ESXi410-201307001
VMware ESX 4.1 without patch ESX410-201307001...
- https://secunia.com/advisories/54339
Release Date: 2013-08-01
- https://secunia.com/advisories/54345
Release Date: 2013-08-01
 







