VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.

Date: 31 Aug 2012
Reported by: This script is Copyright (C) 2012 Greenbone Networks GmbH
Type: openvas
Source: plugins.openvas.org

VMware VMSA-2012-0013 update for vSphere and vCOp

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_VMSA-2012-0013.nasl 5940 2017-04-12 09:02:05Z teissa $
#
# VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries
#
# Authors:
# Michael Meyer
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_summary = "The remote ESXi is missing one or more security related Updates from VMSA-2012-0013.

Summary
VMware has updated several third party libraries in vSphere and vCOps to address multiple security vulnerabilities.

Relevant releases
VMware vCenter 4.1 without Update 3
VMware vCenter Update Manager 4.1 without Update 3
VMware ESX without patches ESX410-201208101-SG, ESX410-201208102-SG,
       ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG,
       ESX410-201208106-SG, ESX410-201208107-SG
VMware ESXi without patch ESXi410-201208101-SG
               

Problem Description
a. vCenter and ESX update to JRE 1.6.0 Update 31

The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple
security issues. Oracle has documented the CVE identifiers that are addressed by
this update in the Oracle Java SE Critical Patch Update Advisory of February
2012.

b. vCenter Update Manager update to JRE 1.5.0 Update 36

The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues.
Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in
the Oracle Java SE Critical Patch Update Advisory for June 2012.

c. Update to ESX/ESXi userworld OpenSSL library

The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version
0.9.8t to resolve multiple security issues.

d. Update to ESX service console OpenSSL RPM

The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to
resolve a security issue.

e. Update to ESX service console kernel

The ESX service console kernel is updated to resolve multiple security issues.

f. Update to ESX service console Perl RPM

The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to
resolve multiple security issues.

g. Update to ESX service console libxml2 RPM

The ESX service console libxml2 RPMs are updated to
libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to
resolve a security issue.

h. Update to ESX service console glibc RPM

The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to
resolve multiple security issues.

i. Update to ESX service console GnuTLS RPM

The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to
resolve multiple security issues.

j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS

The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to
the following versions to resolve multiple security issues:

k. Vulnerability in third party Apache Struts component

The version of Apache Struts in vCenter Operations has been updated to 2.3.4
which addresses an arbitrary file overwrite vulnerability. This vulnerability
allows an attacker to create a denial of service by overwriting arbitrary files
without authentication. The attacker would need to be on the same network as the
system where vCOps is installed.

Solution
Apply the missing patch(es).";


if (description)
{
 script_id(103558);
 script_cve_id("CVE-2010-4180","CVE-2010-4252","CVE-2011-0014","CVE-2011-4108","CVE-2011-4109","CVE-2011-4576","CVE-2011-4577","CVE-2011-4619","CVE-2012-0050",
               "CVE-2012-2110","CVE-2011-1833","CVE-2011-2484","CVE-2011-2496","CVE-2011-3188","CVE-2011-3209","CVE-2011-3363","CVE-2011-4110","CVE-2011-1020",
               "CVE-2011-4132","CVE-2011-4324","CVE-2011-4325","CVE-2012-0207","CVE-2011-2699","CVE-2012-1583","CVE-2010-2761","CVE-2010-4410","CVE-2011-3597",
               "CVE-2012-0841","CVE-2009-5029","CVE-2009-5064","CVE-2010-0830","CVE-2011-1089","CVE-2011-4609","CVE-2012-0864","CVE-2011-4128","CVE-2012-1569",
               "CVE-2012-1573","CVE-2012-0060","CVE-2012-0061","CVE-2012-0815","CVE-2012-0393","CVE-2012-0507");

 script_tag(name:"cvss_base", value:"10.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_version ("$Revision: 5940 $");
 script_name("VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.");


 script_tag(name:"last_modification", value:"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $");
 script_tag(name:"creation_date", value:"2012-08-31 11:02:01 +0100 (Fri, 31 Aug 2012)");
 script_category(ACT_GATHER_INFO);
 script_family("VMware Local Security Checks");
 script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
 script_dependencies("gb_vmware_esxi_init.nasl");
 script_mandatory_keys("VMware/ESXi/LSC","VMware/ESX/version");
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 script_xref(name : "URL" , value : "http://www.vmware.com/security/advisories/VMSA-2012-0013.html");
 exit(0);
}

include("vmware_esx.inc");
include("version_func.inc");

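# Run only when the VMware/ESXi/LSC key is set and the ESX version is known
# (both KB keys are listed in script_mandatory_keys above).
if(!get_kb_item('VMware/ESXi/LSC'))exit(0);
if(! esxVersion = get_kb_item("VMware/ESX/version"))exit(0);

# Map each covered ESXi version to the patch string this check requires.
patches = make_array("4.1.0","ESXi410-Update03:2012-08-30");

# Versions without an entry are not covered by this check.
if(!patches[esxVersion])exit(0);

# Report the host when the required patch is missing.
if(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {

  security_message(port:0);
  exit(0);

}

# Patch present: exit code 99 marks the host as not vulnerable.
exit(99);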
