[SingCERT] VMware ESX and ESXi Multiple Security Bypass and Denial of Service

Mailing List

[SingCERT] VMware ESX and ESXi Multiple Security Bypass and Denial of Service

Last Updated on Thursday, 10 March 2011 10:02

Attention: open in a new window.

[ Summary ]
Multiple vulnerabilities have been identified in VMware ESX and ESXi.

These vulnerabilities are caused by errors in SLPD, bind, pam, and rpm. For example, a remote attacker can send specially crafted data to cause the target Service Location Protocol daemon (SLPD) to enter an infinite loop and consume excessive CPU resources.

[ Affected Systems ]

VMware ESXi version 4.1
VMware ESXi version 4.0
VMware ESX version 4.1
VMware ESX version 4.0

[ Solution/Workaround ]
Apply patches.

http://www.vmware.com/patch/download

[ Reference ]

http://www.securitytracker.com/id/1025168
http://www.vupen.com/english/advisories/2011/0606
http://secunia.com/advisories/43675/
http://www.vmware.com/security/advisories/VMSA-2011-0004.html

< Prev		Next >

Additional Information

About Us
FAQ
Disclaimer
Security Awareness

Search, View and Navigation

Mailing List

Archive

[SingCERT] VMware ESX and ESXi Multiple Security Bypass and Denial of Service

Additional Information

Symantec Security Alerts