About Us | Contact Us

 


 

VUPEN Free Resources
 
  VUPEN Security Advisories
 
  VUPEN Security Blog & News
  Zero-day Attacks Monitor
  Daily Security Mailinglist
  Explanation of Terms
  Advanced Search Engine
 
   

VMware Products Multiple Code Execution and Security Bypass Issues

VUPEN ID VUPEN/ADV-2009-3316
CVE ID CVE-2007-2052 - CVE-2007-2052 - CVE-2007-4965 - CVE-2007-5333 - CVE-2007-5342 - CVE-2007-5461 - CVE-2007-5966 - CVE-2007-6286 - CVE-2008-0002 - CVE-2008-1232 - CVE-2008-1721 - CVE-2008-1887 - CVE-2008-1947 - CVE-2008-2315 - CVE-2008-2370 - CVE-2008-3142 - CVE-2008-3143 - CVE-2008-3144 - CVE-2008-3528 - CVE-2008-4307 - CVE-2008-4864 - CVE-2008-5031 - CVE-2008-5515 - CVE-2008-5700 - CVE-2009-0028 - CVE-2009-0033 - CVE-2009-0159 - CVE-2009-0269 - CVE-2009-0322 - CVE-2009-0580 - CVE-2009-0675 - CVE-2009-0676 - CVE-2009-0696 - CVE-2009-0745 - CVE-2009-0746 - CVE-2009-0747 - CVE-2009-0748 - CVE-2009-0778 - CVE-2009-0781 - CVE-2009-0783 - CVE-2009-0787 - CVE-2009-0834 - CVE-2009-1072 - CVE-2009-1093 - CVE-2009-1094 - CVE-2009-1095 - CVE-2009-1096 - CVE-2009-1097 - CVE-2009-1098 - CVE-2009-1099 - CVE-2009-1100 - CVE-2009-1101 - CVE-2009-1102 - CVE-2009-1103 - CVE-2009-1104 - CVE-2009-1105 - CVE-2009-1106 - CVE-2009-1107 - CVE-2009-1192 - CVE-2009-1252 - CVE-2009-1336 - CVE-2009-1337 - CVE-2009-1385 - CVE-2009-1388 - CVE-2009-1389 - CVE-2009-1439 - CVE-2009-1630 - CVE-2009-1633 - CVE-2009-1895 - CVE-2009-2406 - CVE-2009-2407 - CVE-2009-2414 - CVE-2009-2416 - CVE-2009-2417 - CVE-2009-2625 - CVE-2009-2670 - CVE-2009-2671 - CVE-2009-2672 - CVE-2009-2673 - CVE-2009-2675 - CVE-2009-2676 - CVE-2009-2692 - CVE-2009-2698 - CVE-2009-2716 - CVE-2009-2718 - CVE-2009-2719 - CVE-2009-2720 - CVE-2009-2721 - CVE-2009-2722 - CVE-2009-2723 - CVE-2009-2724 - CVE-2009-2847 - CVE-2009-2848
 
CWE ID Available in VUPEN VNS Customer Area
CVSS V2 Available in VUPEN VNS Customer Area
Rated as Critical 
Impact Available in VUPEN VNS Customer Area
Authentication Level Available in VUPEN VNS Customer Area
Access Vector Available in VUPEN VNS Customer Area
Release Date 2009-11-23
Share Twitter LinkedIn Facebook Delicious Digg Slashdot

Technical Description

Multiple vulnerabilities have been identified in various VMware products, which could be exploited by remote attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or compromise a vulnerable system. These issues are caused by errors in JRE, Tomcat, ntp, kernel, python, bind, libxml, libxml2, curl, and gnutil. For additional information, see : VUPEN/ADV-2007-1465 - VUPEN/ADV-2007-3201 - VUPEN/ADV-2007-3622 - VUPEN/ADV-2008-0013 - VUPEN/ADV-2008-0488 - VUPEN/ADV-2008-1229 - VUPEN/ADV-2008-1725 - VUPEN/ADV-2008-2288 - VUPEN/ADV-2008-2305 - VUPEN/ADV-2009-0509 - VUPEN/ADV-2009-0662 - VUPEN/ADV-2009-0802 - VUPEN/ADV-2009-0852 - VUPEN/ADV-2009-0974 - VUPEN/ADV-2009-0975 - VUPEN/ADV-2009-0999 - VUPEN/ADV-2009-1121 - VUPEN/ADV-2009-1331 - VUPEN/ADV-2009-1361 - VUPEN/ADV-2009-1496 - VUPEN/ADV-2009-1520 - VUPEN/ADV-2009-1675 - VUPEN/ADV-2009-1866 - VUPEN/ADV-2009-2036 - VUPEN/ADV-2009-2041 - VUPEN/ADV-2009-2153 - VUPEN/ADV-2009-2220 - VUPEN/ADV-2009-2263 - VUPEN/ADV-2009-2272 - VUPEN/ADV-2009-2370

Affected Products

VMware vCenter Server versions 4.x
VMware VirtualCenter versions 2.x
VMware Server versions 2.x
VMware ESX versions 4.x
VMware ESX versions 3.x
VMware ESXi versions 4.x
VMware ESXi versions 3.x
VMware vMA versions 4.x

Solution 

Apply patches :
http://lists.vmware.com/pipermail/security-announce/2009/000070.html

References

http://www.vupen.com/english/advisories/2009/3316
http://lists.vmware.com/pipermail/security-announce/2009/000070.html

Changelog 

2009-11-23 : Initial release

Feedback 

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Monthly Statistics 

 

 VUPEN Security Advisories By Criticality: Sep 2010


  Critical Risk

 : 18%

  High Risk		 : 5%

  Moderate Risk		 : 46%

  Low Risk		 : 31%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.
 
 

Try VUPEN VNS 

 

 





© 2004-2010 VUPEN Security - Copyright - Privacy Policy