Está usted visitando una publicación en la hemeroteca de CSIRT-CV.
Para acceder al portal y contenido actual, visite https://www.csirtcv.gva.es
23/02/2011
Múltiples vulnerabilitats han estat identificades en diversos productes de VMware, la qual cosa podria ser explotada per atacants o usuaris maliciosos per a botar-se restriccions de seguretat, obtindre una certa informació reservada, causar una denegació de servei o executar codi arbitrari en el sistema.
Aquests problemes estan causats per errors en Tomcat, cURL, Service Vaig consolar Kernel, MS SQL Express, OpenSSL, JRE i pam_krb5.
Un resum dels problemes és el següent:
VMware vCenter Server versions 4.x
VMware vCenter Update Manager versions 4.x
VMware vCenter Update Manager versions 1.x
VMware ESXi versions 4.x
VMware ESX versions 4.x
VMware VirtualCenter versions 2.x
VMware VirtualCenter versions 2.x
CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107, CVE-2008-3825, CVE-2008-5416, CVE-2009-1384, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0008, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0291, CVE-2010-0307, CVE-2010-0410, CVE-2010-0415, CVE-2010-0433, CVE-2010-0437, CVE-2010-0622, CVE-2010-0730, CVE-2010-0734, CVE-2010-0740, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850, CVE-2010-0886, CVE-2010-1084, CVE-2010-1085, CVE-2010-1086, CVE-2010-1087, CVE-2010-1088, CVE-2010-1157, CVE-2010-1173, CVE-2010-1187, CVE-2010-1321, CVE-2010-1436, CVE-2010-1437, CVE-2010-1641, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2227, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-2928, CVE-2010-2939, CVE-2010-3081, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3556, CVE-2010-3557, CVE-2010-3559, CVE-2010-3561, CVE-2010-3562, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, CVE-2010-3864
Solució:Apliqueu la solució corresponent segons el producte:
VMware vCenter Server 4.1 – Aplicar la Update 1
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
VMware ESXi 4.1 - Aplicar ESXi410-201101201-SG
http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html
VMware ESX 4.1 – Aplicar ESX410-201101201-SG
http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html
http://lists.vmware.com/pipermail/security-announce/2011/000119.html
http://www.vupen.com/english/advisories/2011/0370