The remote ESXi is missing one or more security-related updates from VMSA-2012-0006.

Summary
VMware ESXi and ESX address several security issues.

Relevant releases
- ESXi 4.1 without patch ESXi410-201101201-SG
- ESXi 4.0 without patch ESXi400-201203401-SG
- ESXi 3.5 without patch ESXe350-201203401-I-SG
- ESX 4.1 without patch ESX410-201101201-SG
- ESX 4.0 without patches ESX400-201203401-SG, ESX400-201203407-SG
- ESX 3.5 without patch ESX350-201203401-SG

Problem Description

a. VMware ROM Overwrite Privilege Escalation
A flaw in the way port-based I/O is handled allows for modifying Read-Only Memory that belongs to the Virtual DOS Machine. Exploitation of this issue may lead to privilege escalation on Guest Operating Systems that run Windows 2000, Windows XP 32-bit, Windows Server 2003 32-bit or Windows Server 2003 R2 32-bit.

b. ESX third party update for Service Console kernel
The ESX Service Console Operating System (COS) kernel is updated to kernel-400.2.6.18-220.127.116.111731 to fix multiple security issues in the COS kernel.

c. ESX third party update for Service Console krb5 RPM
This patch updates the krb5-libs and krb5-workstation RPMs to version 1.6.1-63.el5_7 to resolve a security issue.

Solution
Apply the missing patch(es).

Updated on 2015-03-25
CVE: CVE-2011-2482, CVE-2011-3191, CVE-2011-4348, CVE-2011-4862, CVE-2012-1515
CVSS Base Score: 10.0
- VMSA-2014-0003 VMware vSphere Client updates address security vulnerabilities
- VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.
- VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues
- VMSA-2011-0004.3 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
- VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities