Summary
The remote ESXi is missing one or more security related Updates from VMSA-2011-0004.3.
Summary
Service Location Protocol daemon (SLPD) denial of service issue and ESX 4.0 Service Console OS (COS) updates for bind, pam, and rpm.
Relevant releases
VMware ESXi 4.1 without patch ESXi410-201101201-SG.
VMware ESXi 4.0 without patch ESXi400-201103401-SG.
VMware ESX 4.1 without patches ESX410-201101201-SG, ESX410-201104407-SG and ESX410-201110207-SG.
VMware ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103404-SG, ESX400-201103406-SG and ESX400-201103407-SG.
Problem Description
a. Service Location Protocol daemon DoS
This patch fixes a denial-of-service vulnerability in the Service Location Protocol daemon (SLPD). Exploitation of this vulnerability could cause SLPD to consume significant CPU resources.
b. Service Console update for bind
This patch updates the bind-libs and bind-utils RPMs to version 9.3.6-4.P1.el5_5.3, which resolves multiple security issues.
c. Service Console update for pam
This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw, which resolves multiple security issues with PAM modules.
d. Service Console update for rpm, rpm-libs, rpm-python, and popt
This patch updates rpm, rpm-libs, and rpm-python RPMs to 4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1, which
resolves a security issue.
Solution
Apply the missing patch(es).
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-2059, CVE-2010-3316, CVE-2010-3435, CVE-2010-3609, CVE-2010-3613, CVE-2010-3614, CVE-2010-3762, CVE-2010-3853 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- VMSA-2012-0006 VMware ESXi and ESX address several security issues
- VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX Service Console
- VMSA-2012-0011 VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues.
- VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities
- VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation