VMSA-2012-0008Executive Summary
| Summary | |
|---|---|
| Title | VMware ESX updates to ESX Service Console |
| Informations | |||
|---|---|---|---|
| Name | VMSA-2012-0008 | First vendor Publication | 2012-04-26 |
| Vendor | VMware | Last vendor Modification | 2012-09-13 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
a. ESX third party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated which addresses several security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3191, CVE-2011-4348 and CVE-2012-0028 to these issues. b. Updated ESX Service Console package libxml2 The ESX Console Operating System (COS) libxml2 rpms are updated to the following versions libxml2-2.6.26-2.1.12.el5_7.2 and libxml2-python-2.6.26-2.1.12.el5_7.2 which addresses several security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 to these issues. |
Original Source
| Url : http://www.vmware.com/security/advisories/VMSA-2012-0008.html |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-189 | Numeric Errors |
| CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| CWE-399 | Resource Management Errors |
| CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12148 | |||
| Oval ID: | oval:org.mitre.oval:def:12148 | ||
| Title: | Vulnerability in libxml2 in Google Chrome before 7.0.517.44 | ||
| Description: | libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4008 |
Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 |
Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14410 | |||
| Oval ID: | oval:org.mitre.oval:def:14410 | ||
| Title: | Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | ||
| Description: | Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2834 |
Version: | 9 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 |
Product(s): | Google Chrome |
| Definition Synopsis: | |||
|
|||
| Definition Id: oval:org.mitre.oval:def:14761 | |||
| Oval ID: | oval:org.mitre.oval:def:14761 | ||
| Title: | libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3905 |
Version: | 9 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 |
Product(s): | Google Chrome |
| Definition Synopsis: | |||
|
|||
| Definition Id: oval:org.mitre.oval:def:14504 | |||
| Oval ID: | oval:org.mitre.oval:def:14504 | ||
| Title: | Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Description: | Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3919 |
Version: | 8 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 |
Product(s): | Google Chrome |
| Definition Synopsis: | |||
|
|||
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 78148 | Google Chrome libxml2 parser.c xmlStringLenDecodeEntities() Function Remote O... |
| 77707 | Google Chrome libxml Out-of-bounds Read Remote DoS |
| 75560 | Google Chrome Double-free libxml XPath Handling Remote Code Execution |
| 74910 | Linux Kernel fs/cifs/cifssmb.c CIFSFindNext() Function Signedness Error CIFS ... |
| 73994 | Apple Safari libxml XML Data Handling Off-by-one Overflow |
| 73248 | libxml2 xpath.c Xpath Nodeset Processing Overflow |
| 69205 | libxml2 Crafted XML File XPath Axis Traversal DoS |
(Critical)
(High)
(Medium)
