Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25898
HistoryMar 10, 2011 - 12:00 a.m.

VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.

2011-03-1000:00:00
vulners.com
36
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

               VMware Security Advisory

Advisory ID: VMSA-2011-0004
Synopsis: VMware ESX/ESXi SLPD denial of service vulnerability
and ESX third party updates for Service Console
packages bind, pam, and rpm.
Issue date: 2011-03-07
Updated on: 2011-03-07 (initial release of advisory)
CVE numbers: CVE-2010-3613 CVE-2010-3614 CVE-2010-3762
CVE-2010-3316 CVE-2010-3435 CVE-2010-3853
CVE-2010-2059 CVE-2010-3609

  1. Summary

    Service Location Protocol daemon (SLPD) denial of service issue and
    ESX 4.0 Service Console OS (COS) updates for bind, pam, and rpm.

  2. Relevant releases

    VMware ESXi 4.1 without patch ESXi410-201101201-SG.

    VMware ESXi 4.0 without patch ESXi400-201103401-SG.

    VMware ESX 4.1 without patch ESX410-201101201-SG.

    VMware ESX 4.0 without patches ESX400-201103401-SG,
    ESX400-201103404-SG, ESX400-201103406-SG, ESX400-201103407-SG.

  3. Problem Description

a. Service Location Protocol daemon DoS

This patch fixes a denial-of-service vulnerability in
the Service Location Protocol daemon (SLPD). Exploitation of this
vulnerability could cause SLPD to consume significant CPU
resources.

VMware would like to thank Nicolas Gregoire and US CERT for
reporting this issue to us.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-3609 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           4.1       ESXi     ESXi410-201101201-SG
ESXi           4.0       ESXi     ESXi400-201103401-SG
ESXi           3.5       ESXi     not applicable

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      ESX400-201103401-SG
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable

* hosted products are VMware Workstation, Player, Fusion.

b. Service Console update for bind

This patch updates the bind-libs and bind-utils RPMs to version
9.3.6-4.P1.el5_5.3, which resolves multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3613, CVE-2010-3614, and
CVE-2010-3762 to these issues.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.  

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not applicable

ESX            4.1       ESX      affected, patch pending
ESX            4.0       ESX      ESX400-201103407-SG
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable

* hosted products are VMware Workstation, Player, Fusion.

c. Service Console update for pam

This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw,
which resolves multiple security issues with PAM modules.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3316, CVE-2010-3435, and
CVE-2010-3853 to these issues.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not applicable

ESX            4.1       ESX      affected, patch pending
ESX            4.0       ESX      ESX400-201103404-SG
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable

* hosted products are VMware Workstation, Player, Fusion.

d. Service Console update for rpm, rpm-libs, rpm-python, and popt

This patch updates rpm, rpm-libs, and rpm-python RPMs to
4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1,
which resolves a security issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-2059 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not applicable

ESX            4.1       ESX      affected, patch pending
ESX            4.0       ESX      ESX400-201103406-SG
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable

* hosted products are VMware Workstation, Player, Fusion.

  1. Solution

    Please review the patch/release notes for your product and version
    and verify the checksum of your downloaded file.

    ESXi 4.1 Installable Update 1

http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_
0
Release Notes:

http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.ht
ml
http://kb.vmware.com/kb/1027919

File type: .iso
MD5SUM: d68d6c2e040a87cd04cd18c04c22c998
SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64

ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1)
File type: .zip
MD5SUM: 2f1e009c046b20042fae3b7ca42a840f
SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1

ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0)
File type: .zip
MD5SUM: 67b924618d196dafaf268a7691bd1a0f
SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516

ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5)
File type: .zip
MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4
SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488

VMware Tools CD image for Linux Guest OSes
File type: .iso
MD5SUM: dad66fa8ece1dd121c302f45444daa70
SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af

VMware vSphere Client
File type: .exe
MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e
SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4

ESXi Installable Update 1 contains the following security bulletins:
ESXi410-201101201-SG.

ESX 4.1 Update 1

http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_
0
Release Notes:

http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.htm
l
http://kb.vmware.com/kb/1029353

ESX 4.1 Update 1 (DVD ISO)
File type: .iso
md5sum: b9a275b419a20c7bedf31c0bf64f504e
sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11

ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1)
File type: .zip
md5sum: 2d81a87e994aa2b329036f11d90b4c14
sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798

Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1
File type: .zip
md5sum: 75f8cebfd55d8a81deb57c27def963c2
sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2

ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0)
File type: .zip
md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2
sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922

VMware Tools CD image for Linux Guest OSes
File type: .iso
md5sum: dad66fa8ece1dd121c302f45444daa70
sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af

VMware vSphere Client
File type: .exe
md5sum: cb6aa91ada1289575355d79e8c2a9f8e
sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4

ESX410-Update01 contains the following security bulletins:
ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL,
Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904
ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330

ESX410-Update01 also contains the following non-security bulletins
ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG,
ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG,
ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG,
ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG,
ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG,
ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG.

To install an individual bulletin use esxupdate with the -b option.

ESXi 4.0

ESXi400-201103001

https://hostupdate.vmware.com/software/VUM/OFFLINE/release-274-20110303-677
367/ESXi400-201103001.zip
md5sum: a68ef31414573460cdadef4d81fb95d0
sha1sum: 7155e60962b21b5c295a2e9412ac4a445382db31
http://kb.vmware.com/kb/1032823

ESXi400-201103001 containes the following security bulletins:
ESXi400-201103401-SG (openssl) | http://kb.vmware.com/kb/1032820
ESXi400-201103402-SG | http://kb.vmware.com/kb/1032821

ESX 4.0

ESX400-201103001

https://hostupdate.vmware.com/software/VUM/OFFLINE/release-273-20110303-574
144/ESX400-201103001.zip
md5sum: 5b9a0cfe6c0ff1467c09c8d115910ff8
sha1sum: 8bfb5df8066a01704eaa24e4d8a34f371816904b
http://kb.vmware.com/kb/1032822

ESX400-201103001 containes the following security bulletins:
ESX400-201103401-SG (SLPD, openssl, COS kernel)
| http://kb.vmware.com/kb/1032814
ESX400-201103403-SG (JRE, Tomcat) | http://kb.vmware.com/kb/1032815
ESX400-201103404-SG (pam) | http://kb.vmware.com/kb/1032816
ESX400-201103405-SG (bzip2) | http://kb.vmware.com/kb/1032817
ESX400-201103406-SG (popt/rpm) | http://kb.vmware.com/kb/1032818
ESX400-201103407-SG (bind) | http://kb.vmware.com/kb/1032819
5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609

  1. Change log

2011-03-07 VMSA-2011-0004
Initial security advisory in conjunction with the release of VMware
ESX/ESXi 4.0 patches on 2011-03-07

  1. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2011 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFNdceBS2KysvBH1xkRAs3MAJ0ezxEepDLaIgTNPd0v4QBrdw6ssQCfRgPw
XlxhmCY1Md8s4gnoyjDGvnE=
=kJHZ
-----END PGP SIGNATURE-----

Related

openvas 59
vmware 2
nessus 56
debian 1
securityvulns 5
fedora 7
redhat 6
oraclelinux 6
osv 1
centos 4
ubuntu 4
slackware 1
cisa 1
ubuntucve 6
veracode 7
debiancve 7
f5 6
cve 7
prion 7
gentoo 2
cert 3
packetstorm 1
openvas
openvas
VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
2012-03-16 00:00:00
VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm (VMSA-2011-0004.3)
2012-03-16 00:00:00
Fedora Update for pam FEDORA-2010-17155
2010-12-02 00:00:00
vmware
vmware
VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
2011-03-07 00:00:00
VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
2011-03-07 00:00:00
nessus
nessus
VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0004) (remote check)
2016-03-04 00:00:00
VMSA-2011-0004 : VMware ESX/ESXi SLPD denial of service vulnerability and ESX third-party updates for Service Console packages bind, pam, and rpm.
2011-03-08 00:00:00
CentOS 5 : bind (CESA-2010:0976)
2010-12-14 00:00:00
debian
debian
[SECURITY] [DSA-2130-1] New BIND packages fix denial of service
2010-12-10 20:27:48
securityvulns
securityvulns
PAM authentuication modules multiple security vulnerabilities
2010-11-08 00:00:00
[ MDVSA-2010:220 ] pam
2010-11-08 00:00:00
bind named DNS server vulnerabilities
2010-12-06 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: pam-1.1.1-6.fc12
2010-11-17 23:16:19
[SECURITY] Fedora 13 Update: pam-1.1.1-6.fc13
2010-11-04 23:28:57
[SECURITY] Fedora 14 Update: pam-1.1.1-6.fc14
2010-11-06 23:42:52
redhat
redhat
(RHSA-2010:0976) Important: bind security update
2010-12-13 00:00:00
(RHSA-2010:0819) Moderate: pam security update
2010-11-01 00:00:00
(RHSA-2010:0975) Important: bind security update
2010-12-13 00:00:00
oraclelinux
oraclelinux
bind security update
2010-12-13 00:00:00
pam security update
2010-11-01 00:00:00
bind security update
2011-02-10 00:00:00
osv
osv
bind9 - denial of service
2010-12-10 00:00:00
centos
centos
bind, caching security update
2010-12-14 01:18:10
pam security update
2010-11-01 21:56:05
popt, rpm security update
2010-09-12 16:21:59
ubuntu
ubuntu
Bind vulnerabilities
2010-12-01 00:00:00
PAM vulnerabilities
2011-05-30 00:00:00
PAM regression
2011-05-31 00:00:00
slackware
slackware
[slackware-security] bind
2010-12-16 21:45:59
cisa
cisa
Internet Systems Consortium BIND Vulnerabilities
2010-12-02 00:00:00
ubuntucve
ubuntucve
CVE-2010-3316
2011-01-24 00:00:00
CVE-2010-3853
2011-01-24 00:00:00
CVE-2010-3762
2010-10-05 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:47:51
Denial Of Service (DoS)
2020-04-10 00:51:03
Privilege Escalation
2020-04-10 00:48:04
debiancve
debiancve
CVE-2010-3853
2011-01-24 18:00:00
CVE-2010-3762
2010-10-05 22:00:00
CVE-2010-3614
2010-12-06 13:44:00
f5
f5
K15172 : BIND vulnerability CVE-2010-3762
2014-04-17 00:00:00
SOL15172 - BIND vulnerability CVE-2010-3762
2014-04-17 00:00:00
K12567 : BIND vulnerability CVE-2010-3614
2013-07-03 00:00:00
cve
cve
CVE-2010-3762
2010-10-05 22:00:00
CVE-2010-3853
2011-01-24 18:00:00
CVE-2010-3614
2010-12-06 13:44:00
prion
prion
Input validation
2010-10-05 22:00:00
Code injection
2011-01-24 18:00:00
Hardcoded credentials
2010-06-08 18:30:00
gentoo
gentoo
BIND: Multiple vulnerabilities
2012-06-02 00:00:00
Linux-PAM: Multiple vulnerabilities
2012-06-25 00:00:00
cert
cert
ISC BIND named validator vulnerability
2010-12-01 00:00:00
ISC BIND cache vulnerability
2010-12-01 00:00:00
OpenSLP denial of service vulnerability
2011-03-21 00:00:00
packetstorm
packetstorm
SLP (Service Location Protocol) Denial Of Service
2011-07-26 00:00:00
JSON
Related for SECURITYVULNS:DOC:25898
openvas59vmware2nessus56debian1securityvulns5fedora7redhat6oraclelinux6osv1centos4ubuntu4slackware1cisa1ubuntucve6veracode7debiancve7f56cve7prion7gentoo2cert3packetstorm1