7/31/2013
Date Patched:
Patch Not Yet Available
Vendor:
VMware
Affected Software:
VMware ESX 4.0
VMware ESXi 4.0, 5.0, 5.1
Description:
VMware ESX and ESXi contain multible vulnerabilities due to bundled versions of libxml2, GNU TLS, OpenSSL, and the Linux kernel. Successful exploitation may result in elevation of privilege, information disclosure, or denial of service.
Severity:
High
Code Execution:
Yes.
Impact:
Elevation of Privilege
Of the various vulnerabilities present in VMware ESX and ESXi, the worst of which may allow an attacker to have an opportunity to elevate their privileges. This may allow them to perform actions that would normally be restricted from them, including the ability to access sensitive data and executing arbitrary code.
Mitigation:
No mitigations are currently available.
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 19926 - VMware ESX/ESXi Server Multiple Vulnerabilities (Zero-Day) - ESXi 5.1/5.0/4.0
- 19927 - VMware ESX/ESXi Server Multiple Vulnerabilities (Zero-Day) - ESX 4.0
Status:
2013-07-31 - VMware security advisory released
2013-08-06 - Linux MSR proof of concept released
Không có nhận xét nào:
Đăng nhận xét