Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title ESX patches address an issue loading corrupt virtual disks and update Service Console packages
Informations
Name VMSA-2009-0001 First vendor Publication 2009-01-30
Vendor VMware Last vendor Modification 2009-01-30
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

a. Loading a corrupt delta disk may cause ESX to crash

If the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded. VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt VMDK delta file cannot be used to crash ESX hosts.

A corrupt VMDK delta disk, or virtual machine would have to be loaded by an administrator.

VMware would like to thank Craig Marshall for reporting this issue.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4914 to this issue.

b. Updated Service Console package net-snmp

Net-SNMP is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts.

A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially- crafted request could cause the snmpd server to crash.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4309 to this issue.

c. Updated Service Console package libxml2

An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4226 to this issue.

A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4225 to this issue.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2009-0001.html

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-399 Resource Management Errors
33 % CWE-189 Numeric Errors (CWE/SANS Top 25)
33 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10025
 
Oval ID: oval:org.mitre.oval:def:10025
Title: Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
Description: Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4225
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17828
 
Oval ID: oval:org.mitre.oval:def:17828
Title: USN-673-1 -- libxml2 vulnerabilities
Description: Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents.
Family: unix Class: patch
Reference(s): USN-673-1
CVE-2008-4225
CVE-2008-4226
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.10
Ubuntu 8.04
Ubuntu 8.10
Product(s): libxml2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17856
 
Oval ID: oval:org.mitre.oval:def:17856
Title: USN-685-1 -- net-snmp vulnerabilities
Description: Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests.
Family: unix Class: patch
Reference(s): USN-685-1
CVE-2008-0960
CVE-2008-2292
CVE-2008-4309
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.10
Ubuntu 8.04
Ubuntu 8.10
Product(s): net-snmp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18412
 
Oval ID: oval:org.mitre.oval:def:18412
Title: DSA-1666-1 libxml2 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the GNOME XML library.
Family: unix Class: patch
Reference(s): DSA-1666-1
CVE-2008-4225
CVE-2008-4226
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): libxml2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19948
 
Oval ID: oval:org.mitre.oval:def:19948
Title: DSA-1663-1 net-snmp - several vulnerabilities
Description: Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications.
Family: unix Class: patch
Reference(s): DSA-1663-1
CVE-2008-0960
CVE-2008-2292
CVE-2008-4309
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): net-snmp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22168
 
Oval ID: oval:org.mitre.oval:def:22168
Title: ELSA-2008:0971: net-snmp security update (Important)
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Family: unix Class: patch
Reference(s): ELSA-2008:0971-01
CVE-2008-4309
Version: 6
Platform(s): Oracle Linux 5
Product(s): net-snmp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22735
 
Oval ID: oval:org.mitre.oval:def:22735
Title: ELSA-2008:0988: libxml2 security update (Important)
Description: Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
Family: unix Class: patch
Reference(s): ELSA-2008:0988-01
CVE-2008-4225
CVE-2008-4226
Version: 13
Platform(s): Oracle Linux 5
Product(s): libxml2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29197
 
Oval ID: oval:org.mitre.oval:def:29197
Title: RHSA-2008:0971 -- net-snmp security update (Important)
Description: Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Simple Network Management Protocol (SNMP) is a protocol used for network management. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially-crafted request could cause the snmpd server to crash. (CVE-2008-4309)
Family: unix Class: patch
Reference(s): RHSA-2008:0971
CESA-2008:0971-CentOS 5
CESA-2008:0971-CentOS 3
CVE-2008-4309
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 5
CentOS Linux 3
Product(s): net-snmp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29306
 
Oval ID: oval:org.mitre.oval:def:29306
Title: RHSA-2008:0988 -- libxml2 security update (Important)
Description: Updated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Family: unix Class: patch
Reference(s): RHSA-2008:0988
CESA-2008:0988-CentOS 5
CESA-2008:0988-CentOS 3
CESA-2008:0988-CentOS 2
CVE-2008-4225
CVE-2008-4226
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 5
CentOS Linux 3
CentOS Linux 2
Product(s): libxml2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5909
 
Oval ID: oval:org.mitre.oval:def:5909
Title: VMware ESX Server VMDK Delta Disk Processing Lets Local Administrative Users Deny Service
Description: Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local administrators to cause a denial of service (host crash) via a snapshot with a malformed VMDK delta disk.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4914
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6171
 
Oval ID: oval:org.mitre.oval:def:6171
Title: Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4309
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6219
 
Oval ID: oval:org.mitre.oval:def:6219
Title: Security Vulnerabilities in the libxml2 Library Routines xmlSAX2Characters() May Lead to Arbitrary Code Execution or Denial of Service (DoS)
Description: Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4226
Version: 1
Platform(s): Sun Solaris 9
Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6234
 
Oval ID: oval:org.mitre.oval:def:6234
Title: Security Vulnerabilities in the libxml2 Library Routines xmlBufferResize() May Lead to Denial of Service (DoS)
Description: Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4225
Version: 1
Platform(s): Sun Solaris 9
Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6353
 
Oval ID: oval:org.mitre.oval:def:6353
Title: Security Vulnerability in the SNMP daemon (snmpd(1M)) May Lead to a Denial of Service (DoS) Condition
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4309
Version: 1
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6360
 
Oval ID: oval:org.mitre.oval:def:6360
Title: Libxml2 Integer Overflow in xmlSAX2Characters() May Let Remote Users Execute Arbitrary Code
Description: Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4226
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6415
 
Oval ID: oval:org.mitre.oval:def:6415
Title: Libxml2 Integer Overflow in xmlBufferResize() Lets Remote Users Deny Service
Description: Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4225
Version: 3
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7025
 
Oval ID: oval:org.mitre.oval:def:7025
Title: DSA-1663 net-snmp -- several vulnerabilities
Description: Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. The Common Vulnerabilities and Exposures project identifies the following problems: Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.
Family: unix Class: patch
Reference(s): DSA-1663
CVE-2008-0960
CVE-2008-2292
CVE-2008-4309
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): net-snmp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7803
 
Oval ID: oval:org.mitre.oval:def:7803
Title: DSA-1666 libxml2 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the GNOME XML library. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that missing input sanitising in the xmlBufferResize() function may lead to an infinite loop, resulting in denial of service. Drew Yao discovered that an integer overflow in the xmlSAX2Characters() function may lead to denial of service or the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1666
CVE-2008-4225
CVE-2008-4226
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): libxml2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9860
 
Oval ID: oval:org.mitre.oval:def:9860
Title: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Description: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4309
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9888
 
Oval ID: oval:org.mitre.oval:def:9888
Title: Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
Description: Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4226
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 1
Application 1
Application 1

OpenVAS Exploits

Date Description
2010-05-12 Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002
File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : SLES10: Security update for libxml2
File : nvt/sles10_libxml21.nasl
2009-10-13 Name : Solaris Update for XML and XSLT libraries 125732-05
File : nvt/gb_solaris_125732_05.nasl
2009-10-13 Name : Solaris Update for XML and XSLT libraries 125731-05
File : nvt/gb_solaris_125731_05.nasl
2009-10-13 Name : SLES10: Security update for net-snmp
File : nvt/sles10_net-snmp.nasl
2009-10-13 Name : SLES10: Security update for libxml2
File : nvt/sles10_libxml23.nasl
2009-10-13 Name : Solaris Update for libxml, libxslt and Freeware man pages 114015-24
File : nvt/gb_solaris_114015_24.nasl
2009-10-13 Name : Solaris Update for libxml, libxslt and Freeware man pages 114014-24
File : nvt/gb_solaris_114014_24.nasl
2009-10-10 Name : SLES9: Security update for net-snmp
File : nvt/sles9p5041460.nasl
2009-10-10 Name : SLES9: Security update for libxml2
File : nvt/sles9p5040640.nasl
2009-10-10 Name : SLES9: Security update for libxml2
File : nvt/sles9p5038083.nasl
2009-08-17 Name : Fedora Core 10 FEDORA-2009-8491 (libxml2)
File : nvt/fcore_2009_8491.nasl
2009-07-29 Name : Mandrake Security Advisory MDVSA-2009:156 (net-snmp)
File : nvt/mdksa_2009_156.nasl
2009-06-03 Name : Solaris Update for XML and XSLT libraries 125732-04
File : nvt/gb_solaris_125732_04.nasl
2009-06-03 Name : Solaris Update for XML and XSLT libraries 125731-04
File : nvt/gb_solaris_125731_04.nasl
2009-06-03 Name : Solaris Update for libxml, libxslt and Freeware man pages 114015-22
File : nvt/gb_solaris_114015_22.nasl
2009-06-03 Name : Solaris Update for libxml, libxslt and Freeware man pages 114014-22
File : nvt/gb_solaris_114014_22.nasl
2009-04-09 Name : Mandriva Update for net-snmp MDVSA-2008:225 (net-snmp)
File : nvt/gb_mandriva_MDVSA_2008_225.nasl
2009-04-09 Name : Mandriva Update for libxml2 MDVSA-2008:231 (libxml2)
File : nvt/gb_mandriva_MDVSA_2008_231.nasl
2009-03-23 Name : Ubuntu Update for net-snmp vulnerabilities USN-685-1
File : nvt/gb_ubuntu_USN_685_1.nasl
2009-03-23 Name : Ubuntu Update for libxml2 vulnerabilities USN-673-1
File : nvt/gb_ubuntu_USN_673_1.nasl
2009-03-06 Name : RedHat Update for net-snmp RHSA-2008:0971-01
File : nvt/gb_RHSA-2008_0971-01_net-snmp.nasl
2009-03-06 Name : RedHat Update for libxml2 RHSA-2008:0988-01
File : nvt/gb_RHSA-2008_0988-01_libxml2.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0988 centos3 i386
File : nvt/gb_CESA-2008_0988_libxml2_centos3_i386.nasl
2009-02-27 Name : CentOS Update for net-snmp CESA-2008:0971 centos3 i386
File : nvt/gb_CESA-2008_0971_net-snmp_centos3_i386.nasl
2009-02-27 Name : CentOS Update for net-snmp CESA-2008:0971 centos3 x86_64
File : nvt/gb_CESA-2008_0971_net-snmp_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0988 centos4 x86_64
File : nvt/gb_CESA-2008_0988_libxml2_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0988 centos4 i386
File : nvt/gb_CESA-2008_0988_libxml2_centos4_i386.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0988 centos3 x86_64
File : nvt/gb_CESA-2008_0988_libxml2_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for libxml2 CESA-2008:0988-01 centos2 i386
File : nvt/gb_CESA-2008_0988-01_libxml2_centos2_i386.nasl
2009-02-18 Name : Fedora Core 10 FEDORA-2009-1769 (net-snmp)
File : nvt/fcore_2009_1769.nasl
2009-02-17 Name : Fedora Update for libxml2 FEDORA-2008-9773
File : nvt/gb_fedora_2008_9773_libxml2_fc9.nasl
2009-02-17 Name : Fedora Update for libxml2 FEDORA-2008-9729
File : nvt/gb_fedora_2008_9729_libxml2_fc8.nasl
2009-02-17 Name : Fedora Update for net-snmp FEDORA-2008-9367
File : nvt/gb_fedora_2008_9367_net-snmp_fc9.nasl
2009-02-17 Name : Fedora Update for net-snmp FEDORA-2008-9362
File : nvt/gb_fedora_2008_9362_net-snmp_fc8.nasl
2009-02-16 Name : Fedora Update for net-snmp FEDORA-2008-10451
File : nvt/gb_fedora_2008_10451_net-snmp_fc10.nasl
2009-02-16 Name : Fedora Update for libxml2 FEDORA-2008-10000
File : nvt/gb_fedora_2008_10000_libxml2_fc10.nasl
2009-02-02 Name : SuSE Security Summary SUSE-SR:2009:003
File : nvt/suse_sr_2009_003.nasl
2009-01-26 Name : Gentoo Security Advisory GLSA 200901-15 (net-snmp)
File : nvt/glsa_200901_15.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1)
File : nvt/suse_sr_2009_001.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0)
File : nvt/suse_sr_2009_001a.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3)
File : nvt/suse_sr_2009_001b.nasl
2008-12-03 Name : Gentoo Security Advisory GLSA 200812-06 (libxml2)
File : nvt/glsa_200812_06.nasl
2008-11-24 Name : FreeBSD Ports: libxml2
File : nvt/freebsd_libxml21.nasl
2008-11-24 Name : Debian Security Advisory DSA 1666-1 (libxml2)
File : nvt/deb_1666_1.nasl
2008-11-19 Name : FreeBSD Ports: net-snmp
File : nvt/freebsd_net-snmp2.nasl
2008-11-19 Name : Debian Security Advisory DSA 1663-1 (net-snmp)
File : nvt/deb_1663_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-324-01 libxml2
File : nvt/esoft_slk_ssa_2008_324_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-320-02 net-snmp
File : nvt/esoft_slk_ssa_2008_320_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52705 VMware ESX / ESXi Malformed VMDK Delta Disk Handling DoS

49993 libxml2 xmlSAX2Characters() Function XML File Parsing Overflow

49992 libxml2 xmlBufferResize() Function XML File Parsing DoS

49524 Net-SNMP getbulk Code Response / Repeat Saturation Remote DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-02-05 IAVM : 2009-B-0006 - Multiple Vulnerabilities in VMware
Severity : Category I - VMSKEY : V0018295

Nessus® Vulnerability Scanner

Date Description
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0018.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0001.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0988.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0971.nasl - Type : ACT_GATHER_INFO
2013-07-03 Name : The remote host is missing Sun Security Patch number 127682-07
File : solaris9_x86_127682.nasl - Type : ACT_GATHER_INFO
2013-07-03 Name : The remote host is missing Sun Security Patch number 127680-07
File : solaris8_127680.nasl - Type : ACT_GATHER_INFO
2013-07-03 Name : The remote host is missing Sun Security Patch number 127681-07
File : solaris9_127681.nasl - Type : ACT_GATHER_INFO
2013-07-03 Name : The remote host is missing Sun Security Patch number 123922-11
File : solaris9_x86_123922.nasl - Type : ACT_GATHER_INFO
2013-07-03 Name : The remote host is missing Sun Security Patch number 123924-11
File : solaris10_x86_123924.nasl - Type : ACT_GATHER_INFO
2012-09-24 Name : The remote Fedora host is missing a security update.
File : fedora_2008-10038.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081103_net_snmp_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081117_libxml2_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-12-17 Name : The remote network device is affected by multiple remote vulnerabilities.
File : airport_firmware_7_5_2.nasl - Type : ACT_GATHER_INFO
2010-04-27 Name : The remote web server has multiple vulnerabilities.
File : hpsmh_6_0_0_95.nasl - Type : ACT_GATHER_INFO
2010-02-17 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0003.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libxml2-5755.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12286.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12298.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12301.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0001.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libsnmp15-081121.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libxml2-081107.nasl - Type : ACT_GATHER_INFO
2009-06-09 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : macosx_Safari4_0.nasl - Type : ACT_GATHER_INFO
2009-06-09 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : safari_4.0.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote host is missing Sun Security Patch number 120955-12
File : solaris10_x86_120955.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote host is missing Sun Security Patch number 120954-12
File : solaris8_120954.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote host is missing Sun Security Patch number 123923-12
File : solaris10_123923.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote host is missing Sun Security Patch number 123920-12
File : solaris8_123920.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote host is missing Sun Security Patch number 120954-12
File : solaris9_120954.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote host is missing Sun Security Patch number 123921-12
File : solaris9_123921.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote host is missing Sun Security Patch number 120955-12
File : solaris9_x86_120955.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-673-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-685-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-1769.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0971.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0988.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote host is missing Sun Security Patch number 120954-12
File : solaris10_120954.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-10451.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-231.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-225.nasl - Type : ACT_GATHER_INFO
2009-01-26 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_net-snmp-5807.nasl - Type : ACT_GATHER_INFO
2009-01-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200901-15.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libxml2-5802.nasl - Type : ACT_GATHER_INFO
2008-12-03 Name : The remote openSUSE host is missing a security update.
File : suse_libsnmp15-5808.nasl - Type : ACT_GATHER_INFO
2008-12-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200812-06.nasl - Type : ACT_GATHER_INFO
2008-12-01 Name : The remote openSUSE host is missing a security update.
File : suse_libxml2-5799.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libxml2-5756.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote openSUSE host is missing a security update.
File : suse_libxml2-5754.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-324-01.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9773.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9729.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_f1e0164eb67b11dda55e00163e000016.nasl - Type : ACT_GATHER_INFO
2008-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0988.nasl - Type : ACT_GATHER_INFO
2008-11-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1666.nasl - Type : ACT_GATHER_INFO
2008-11-17 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-320-02.nasl - Type : ACT_GATHER_INFO
2008-11-14 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_daf045d7b21111dda987000c29ca8953.nasl - Type : ACT_GATHER_INFO
2008-11-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1663.nasl - Type : ACT_GATHER_INFO
2008-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9367.nasl - Type : ACT_GATHER_INFO
2008-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9362.nasl - Type : ACT_GATHER_INFO
2008-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0971.nasl - Type : ACT_GATHER_INFO
2007-06-04 Name : The remote host is missing Sun Security Patch number 120273-42
File : solaris10_x86_120273.nasl - Type : ACT_GATHER_INFO
2007-06-04 Name : The remote host is missing Sun Security Patch number 119467-17
File : solaris10_x86_119467.nasl - Type : ACT_GATHER_INFO
2007-05-20 Name : The remote host is missing Sun Security Patch number 120272-40
File : solaris10_120272.nasl - Type : ACT_GATHER_INFO
2006-11-20 Name : The remote host is missing Sun Security Patch number 123919-12
File : solaris7_123919.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119467-17
File : solaris9_x86_119467.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-11-27 13:28:41
  • Multiple Updates
2014-02-17 12:07:11
  • Multiple Updates
2013-11-11 12:41:38
  • Multiple Updates