VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

2011-03-0700:00:00

www.vmware.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.371 Low

EPSS

Percentile

97.1%

JSON

a. Service Location Protocol daemon DoSThis patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD). Exploitation of this vulnerability could cause SLPD to consume significant CPU resources.VMware would like to thank Nicolas Gregoire and US CERT for reporting this issue to us.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3609 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

CPENameOperatorVersion
esxiltESXi410-201101201-SG
esxiltESXi400-201103401-SG
esxltESX410-201101201-SG
esxltESX400-201103401-SG
esxltESX410-201104407-SG
esxltESX400-201103407-SG
esxltESX410-201110207-SG
esxltESX400-201103404-SG
esxltrefer to VMSA-2012-0001
esxltESX400-201103406-SG

Name	Operator	Version
esxi	lt	ESXi410-201101201-SG
esxi	lt	ESXi400-201103401-SG
esx	lt	ESX410-201101201-SG
esx	lt	ESX400-201103401-SG
esx	lt	ESX410-201104407-SG
esx	lt	ESX400-201103407-SG
esx	lt	ESX410-201110207-SG
esx	lt	ESX400-201103404-SG
esx	lt	refer to VMSA-2012-0001
esx	lt	ESX400-201103406-SG

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3762http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3316http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3435http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3853http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609