ID

VAR-201401-0010


CVE

CVE-2011-1763


TITLE

Xen of get_free_port Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2011-005255

DESCRIPTION

The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port. Xen is prone to a denial-of-service vulnerability. Attackers with DomU user privileges can exploit this issue to cause the application to crash, denying service to legitimate users. Privilege escalation may also be possible; however, this has not been confirmed. Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The following products are affected: JP1/IT Resource Management - Manager JP1/IT Service Level Management - Manager. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. (CVE-2011-1093, Important) * Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. (CVE-2011-1494, CVE-2011-1495, Important) * A missing validation of a null-terminated string data structure element in the bnep_sock_ioctl() function could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate) * Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up. (CVE-2011-1166, Moderate) * A flaw was found in the way the Xen hypervisor implementation checked for the upper boundary when getting a new event channel port. (CVE-2011-1763, Moderate) * The start_code and end_code values in "/proc/[pid]/stat" were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). (CVE-2011-0726, Low) * A missing initialization flaw in the sco_sock_getsockopt() function could allow a local, unprivileged user to cause an information leak. (CVE-2011-1078, Low) * A missing validation of a null-terminated string data structure element in the do_replace() function could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low) * A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1163, Low) * Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low) * A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1577, Low) Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163 and CVE-2011-1577. This update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. Bugs fixed (http://bugzilla.redhat.com/): 681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak 681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator 681262 - CVE-2011-1080 kernel: ebtables stack infoleak 682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close 684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat 688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak 688156 - [5.6][REG]for some uses of 'nfsservctl' system call, the kernel crashes. [rhel-5.6.z] 688579 - CVE-2011-1166 kernel: xen: x86_64: fix error checking in arch_set_info_guest() 689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace 689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace 689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace 689699 - Deadlock between device driver attachment and device removal with a USB device [rhel-5.6.z] 689700 - [NetApp 5.6 Bug] QLogic 8G FC firmware dumps seen during IO [rhel-5.6.z] 690134 - Time runs too fast in a VM on processors with > 4GHZ freq [rhel-5.6.z] 690239 - gfs2: creating large files suddenly slow to a crawl [rhel-5.6.z] 694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows 695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops 696136 - RHEL 5.6 (kernel -238) causes audio issues [rhel-5.6.z] 697448 - slab corruption after seeing some nfs-related BUG: warning [rhel-5.6.z] 699808 - dasd: fix race between open and offline [rhel-5.6.z] 701240 - CVE-2011-1763 kernel: xen: improper upper boundary check in get_free_port() function 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm i386: kernel-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debug-2.6.18-238.12.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm kernel-devel-2.6.18-238.12.1.el5.i686.rpm kernel-headers-2.6.18-238.12.1.el5.i386.rpm kernel-xen-2.6.18-238.12.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm noarch: kernel-doc-2.6.18-238.12.1.el5.noarch.rpm x86_64: kernel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm i386: kernel-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debug-2.6.18-238.12.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm kernel-devel-2.6.18-238.12.1.el5.i686.rpm kernel-headers-2.6.18-238.12.1.el5.i386.rpm kernel-xen-2.6.18-238.12.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm ia64: kernel-2.6.18-238.12.1.el5.ia64.rpm kernel-debug-2.6.18-238.12.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.ia64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.ia64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.ia64.rpm kernel-devel-2.6.18-238.12.1.el5.ia64.rpm kernel-headers-2.6.18-238.12.1.el5.ia64.rpm kernel-xen-2.6.18-238.12.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.ia64.rpm kernel-xen-devel-2.6.18-238.12.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-238.12.1.el5.noarch.rpm ppc: kernel-2.6.18-238.12.1.el5.ppc64.rpm kernel-debug-2.6.18-238.12.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.ppc64.rpm kernel-devel-2.6.18-238.12.1.el5.ppc64.rpm kernel-headers-2.6.18-238.12.1.el5.ppc.rpm kernel-headers-2.6.18-238.12.1.el5.ppc64.rpm kernel-kdump-2.6.18-238.12.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-238.12.1.el5.ppc64.rpm s390x: kernel-2.6.18-238.12.1.el5.s390x.rpm kernel-debug-2.6.18-238.12.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.s390x.rpm kernel-debug-devel-2.6.18-238.12.1.el5.s390x.rpm kernel-debuginfo-2.6.18-238.12.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.s390x.rpm kernel-devel-2.6.18-238.12.1.el5.s390x.rpm kernel-headers-2.6.18-238.12.1.el5.s390x.rpm kernel-kdump-2.6.18-238.12.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-238.12.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-238.12.1.el5.s390x.rpm x86_64: kernel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-0726.html https://www.redhat.com/security/data/cve/CVE-2011-1078.html https://www.redhat.com/security/data/cve/CVE-2011-1079.html https://www.redhat.com/security/data/cve/CVE-2011-1080.html https://www.redhat.com/security/data/cve/CVE-2011-1093.html https://www.redhat.com/security/data/cve/CVE-2011-1163.html https://www.redhat.com/security/data/cve/CVE-2011-1166.html https://www.redhat.com/security/data/cve/CVE-2011-1170.html https://www.redhat.com/security/data/cve/CVE-2011-1171.html https://www.redhat.com/security/data/cve/CVE-2011-1172.html https://www.redhat.com/security/data/cve/CVE-2011-1494.html https://www.redhat.com/security/data/cve/CVE-2011-1495.html https://www.redhat.com/security/data/cve/CVE-2011-1577.html https://www.redhat.com/security/data/cve/CVE-2011-1763.html https://access.redhat.com/security/updates/classification/#important http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html#RHSA-2011-0833 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. ---------------------------------------------------------------------- Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Certain unspecified input is not properly sanitised before being returned to the user. The vulnerability is reported in version 09-50. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ---------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0001 Synopsis: VMware ESXi and ESX updates to third party library and ESX Service Console Issue date: 2012-01-30 Updated on: 2012-01-30 (initial advisory) CVE numbers: --- COS Kernel --- CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 --- COS cURL --- CVE-2011-2192 --- COS rpm --- CVE-2010-2059, CVE-2011-3378 --- COS samba --- CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522, CVE-2011-2694 --- COS python --- CVE-2009-3720, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521 --- python library --- CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, CVE-2011-1521 ---------------------------------------------------------------------- 1. Summary VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues. 2. Relevant releases ESXi 4.1 without patch ESXi410-201201401-SG ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG, ESX410-201201407-SG 3. Problem Description a. ESX third party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201401-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. b. ESX third party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201402-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. c. ESX third party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues. A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201404-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. d. ESX third party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201406-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. e. ESX third party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues. Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201407-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. f. ESX third party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201405-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. g. ESXi update to third party component python The python third party library is updated to python 2.5.6 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi 5.0 ESXi patch pending ESXi 4.1 ESXi ESXi410-201201401-SG ESXi 4.0 ESXi patch pending ESXi 3.5 ESXi patch pending ESX 4.1 ESX not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware ESXi 4.1 --------------- ESXi410-201201401 http://downloads.vmware.com/go/selfsupport-download md5sum: BDF86F10A973346E26C9C2CD4C424E88 sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F http://kb.vmware.com/kb/2009143 ESXi410-201201401 contains ESXi410-201201401-SG VMware ESX 4.1 -------------- ESX410-201201001 http://downloads.vmware.com/go/selfsupport-download md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC http://kb.vmware.com/kb/2009142 ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and ESX410-201201407-SG 5. References CVE numbers --- COS Kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2519 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901 --- COS cURL --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192 --- COS rpm --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378 --- COS samba --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694 --- COS python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521 --- python library --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521 ---------------------------------------------------------------------- 6. Change log 2012-01-30 VMSA-2012-0001 Initial security advisory in conjunction with the release of patches for ESX 4.1 and ESXi 4.1 on 2012-01-30. ---------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2012 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFPJ5DIDEcm8Vbi9kMRAnzCAKCmaAoDp49d61Mr1emzh/U0N8vbgACdFZk8 f2pLxi537s+ew4dvnYNWlJ8= =OAh4 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Alerts when vulnerabilities pose a threat to your infrastructure The enhanced reporting module of the Secunia Vulnerability Intelligence Manager (VIM) enables you to combine advisory and ticket information, and generate policy compliance statistics. Using your asset list preferences, customised notifications are issued as soon as a new vulnerability is discovered - a valuable tool for documenting mitigation strategies. Watch our quick solution overview: http://www.youtube.com/user/Secunia#p/a/u/0/M1Y9sJqR2SY ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA44792 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44792/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44792 RELEASE DATE: 2011-06-02 DISCUSS ADVISORY: http://secunia.com/advisories/44792/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44792/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44792 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2011:0833-01: https://rhn.redhat.com/errata/RHSA-2011-0833.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.7

sources: NVD: CVE-2011-1763 // JVNDB: JVNDB-2011-005255 // BID: 48048 // BID: 51749 // PACKETSTORM: 101861 // PACKETSTORM: 102134 // PACKETSTORM: 109259 // PACKETSTORM: 109261 // PACKETSTORM: 109299 // PACKETSTORM: 101924

AFFECTED PRODUCTS

vendor:xenmodel:xenscope: - version: -

Trust: 1.4

vendor:xenmodel:xenscope:eqversion:*

Trust: 1.0

vendor:openvzmodel:project openvz 028stab091.1scope:neversion: -

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.2

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.5

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.0

Trust: 0.3

vendor:openvzmodel:project openvz 028stab089.1scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:xensourcemodel:xenscope:eqversion:0

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.1

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura system manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura conferencing standardscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.5

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.5

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:6.0

Trust: 0.3

vendor:openvzmodel:project openvz 028stab085.2scope: - version: -

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:openvzmodel:project openvz 028stab081.1scope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.5

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.0

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:redhatmodel:enterprise linuxscope:eqversion:5.0

Trust: 0.3

vendor:hitachimodel:jp1/it service level management managerscope:eqversion:-09-50

Trust: 0.3

vendor:hitachimodel:jp1/it resource management-managerscope:eqversion:09-50

Trust: 0.3

vendor:hitachimodel:jp1/it resource management-managerscope:eqversion:09-11-02

Trust: 0.3

vendor:hitachimodel:jp1/it resource management-managerscope:eqversion:09-11

Trust: 0.3

vendor:hitachimodel:jp1/it resource management-managerscope:eqversion:09-10-03

Trust: 0.3

vendor:hitachimodel:jp1/it resource management-managerscope:eqversion:09-10

Trust: 0.3

vendor:hitachimodel:jp1/it service level management-managerscope:neversion:09-51

Trust: 0.3

vendor:hitachimodel:jp1/it resource management-managerscope:neversion:09-50-02

Trust: 0.3

vendor:hitachimodel:jp1/it resource management-managerscope:neversion:09-11-05

Trust: 0.3

sources: BID: 48048 // BID: 51749 // JVNDB: JVNDB-2011-005255 // CNNVD: CNNVD-201105-305 // NVD: CVE-2011-1763

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-1763
value: HIGH

Trust: 1.0

NVD: CVE-2011-1763
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201105-305
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2011-1763
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2011-005255 // CNNVD: CNNVD-201105-305 // NVD: CVE-2011-1763

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-1763

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201105-305

TYPE

xss

Trust: 0.8

sources: PACKETSTORM: 109259 // PACKETSTORM: 109261 // CNNVD: CNNVD-201201-419

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005255

PATCH

title:Bug 701240url:https://bugzilla.redhat.com/show_bug.cgi?id=701240

Trust: 0.8

title:RHSA-2011:0833url:http://rhn.redhat.com/errata/RHSA-2011-0833.html

Trust: 0.8

title:Top Pageurl:http://www.xenproject.org/

Trust: 0.8

title:kernel-xen-2.6.18-238.12.1.el5.i686url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47368

Trust: 0.6

sources: JVNDB: JVNDB-2011-005255 // CNNVD: CNNVD-201105-305

EXTERNAL IDS

db:NVDid:CVE-2011-1763

Trust: 2.9

db:BIDid:48048

Trust: 0.9

db:BIDid:51749

Trust: 0.9

db:JVNDBid:JVNDB-2011-005255

Trust: 0.8

db:SECUNIAid:47804

Trust: 0.8

db:SECUNIAid:44889

Trust: 0.7

db:SECUNIAid:44792

Trust: 0.7

db:REDHATid:RHSA-2011:0833

Trust: 0.6

db:CNNVDid:CNNVD-201105-305

Trust: 0.6

db:CNNVDid:CNNVD-201201-419

Trust: 0.6

db:HITACHIid:HS12-005

Trust: 0.5

db:SECUNIAid:47825

Trust: 0.2

db:PACKETSTORMid:101861

Trust: 0.1

db:PACKETSTORMid:102134

Trust: 0.1

db:PACKETSTORMid:109259

Trust: 0.1

db:PACKETSTORMid:109261

Trust: 0.1

db:PACKETSTORMid:109299

Trust: 0.1

db:PACKETSTORMid:101924

Trust: 0.1

sources: BID: 48048 // BID: 51749 // JVNDB: JVNDB-2011-005255 // PACKETSTORM: 101861 // PACKETSTORM: 102134 // PACKETSTORM: 109259 // PACKETSTORM: 109261 // PACKETSTORM: 109299 // PACKETSTORM: 101924 // CNNVD: CNNVD-201105-305 // CNNVD: CNNVD-201201-419 // NVD: CVE-2011-1763

REFERENCES

url:http://rhn.redhat.com/errata/rhsa-2011-0833.html

Trust: 1.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=701240

Trust: 1.6

url:http://downloads.avaya.com/css/p8/documents/100145416

Trust: 1.0

url:http://xenbits.xensource.com/hg/xen-unstable.hg/rev/2dcdd2fcb945

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1763

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1763

Trust: 0.8

url:http://secunia.com/advisories/44792

Trust: 0.6

url:http://secunia.com/advisories/44889

Trust: 0.6

url:http://secunia.com/advisories/47804

Trust: 0.6

url:http://www.securityfocus.com/bid/48048

Trust: 0.6

url:http://www.securityfocus.com/bid/51749

Trust: 0.6

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-005/index.html

Trust: 0.5

url:http://wiki.openvz.org/download/kernel/rhel5/028stab091.1

Trust: 0.4

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.4

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.4

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.4

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.4

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.4

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2011-1763

Trust: 0.3

url:http://wiki.openvz.org/main_page

Trust: 0.3

url:http://www.vmware.com/security/advisories/vmsa-2012-0001.html

Trust: 0.3

url:http://xen.xensource.com/

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100145416

Trust: 0.3

url:http://www.hds.com/products/storage-software/hitachi-device-manager.html

Trust: 0.3

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1172

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-0726

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1166

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1163

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1170

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1078

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1080

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1495

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1093

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1494

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1079

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1171

Trust: 0.2

url:http://secunia.com/company/jobs/

Trust: 0.2

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-005/index.html

Trust: 0.2

url:https://access.redhat.com/kb/docs/doc-11259

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1170.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1163.html

Trust: 0.1

url:http://docs.redhat.com/docs/en-us/red_hat_enterprise_linux/5/html/5.6_technical_notes/kernel.html#rhsa-2011-0833

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1577

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1763.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1577.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1494.html

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-0726.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1079.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1763

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1171.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1093.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1172.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1166.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1080.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1078.html

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:http://bugzilla.redhat.com/):

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-1495.html

Trust: 0.1

url:http://secunia.com/advisories/44889/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44889

Trust: 0.1

url:http://conference.first.org/

Trust: 0.1

url:http://secunia.com/advisories/44889/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47804

Trust: 0.1

url:http://secunia.com/advisories/47804/#comments

Trust: 0.1

url:http://secunia.com/advisories/47804/

Trust: 0.1

url:http://secunia.com/advisories/47825/

Trust: 0.1

url:http://secunia.com/advisories/47825/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47825

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0711

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2495

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2901

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2522

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1015

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1573

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1093

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1780

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2525

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1746

Trust: 0.1

url:http://kb.vmware.com/kb/1055

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2192

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4649

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4649

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1078

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1745

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1015

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3560

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1163

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1936

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1494

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1573

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2689

Trust: 0.1

url:http://downloads.vmware.com/go/selfsupport-download

Trust: 0.1

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2519

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0726

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3560

Trust: 0.1

url:http://kb.vmware.com/kb/2009143

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1166

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1044

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2482

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3493

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1521

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0711

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1171

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2213

Trust: 0.1

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0547

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0787

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1521

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1577

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2491

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2059

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1172

Trust: 0.1

url:http://www.vmware.com/security/advisories

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2089

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3720

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1678

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1182

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1080

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1634

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0695

Trust: 0.1

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0787

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0695

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2517

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1079

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1044

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3720

Trust: 0.1

url:http://kb.vmware.com/kb/2009142

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2022

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1593

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1182

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1170

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2089

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2694

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0547

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2492

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2059

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3493

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1576

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3378

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1634

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1495

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1776

Trust: 0.1

url:http://secunia.com/advisories/44792/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44792

Trust: 0.1

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/advisories/44792/

Trust: 0.1

url:http://www.youtube.com/user/secunia#p/a/u/0/m1y9sjqr2sy

Trust: 0.1

sources: BID: 48048 // BID: 51749 // JVNDB: JVNDB-2011-005255 // PACKETSTORM: 101861 // PACKETSTORM: 102134 // PACKETSTORM: 109259 // PACKETSTORM: 109261 // PACKETSTORM: 109299 // PACKETSTORM: 101924 // CNNVD: CNNVD-201105-305 // CNNVD: CNNVD-201201-419 // NVD: CVE-2011-1763

CREDITS

Petr Matousek

Trust: 0.9

sources: BID: 48048 // CNNVD: CNNVD-201105-305

SOURCES

db:BIDid:48048
db:BIDid:51749
db:JVNDBid:JVNDB-2011-005255
db:PACKETSTORMid:101861
db:PACKETSTORMid:102134
db:PACKETSTORMid:109259
db:PACKETSTORMid:109261
db:PACKETSTORMid:109299
db:PACKETSTORMid:101924
db:CNNVDid:CNNVD-201105-305
db:CNNVDid:CNNVD-201201-419
db:NVDid:CVE-2011-1763

LAST UPDATE DATE

2024-11-19T21:37:45.588000+00:00


SOURCES UPDATE DATE

db:BIDid:48048date:2012-01-31T09:40:00
db:BIDid:51749date:2012-01-31T00:00:00
db:JVNDBid:JVNDB-2011-005255date:2014-01-09T00:00:00
db:CNNVDid:CNNVD-201105-305date:2014-01-08T00:00:00
db:CNNVDid:CNNVD-201201-419date:2012-02-02T00:00:00
db:NVDid:CVE-2011-1763date:2015-09-03T14:20:18.330

SOURCES RELEASE DATE

db:BIDid:48048date:2011-05-31T00:00:00
db:BIDid:51749date:2012-01-31T00:00:00
db:JVNDBid:JVNDB-2011-005255date:2014-01-09T00:00:00
db:PACKETSTORMid:101861date:2011-06-01T03:46:58
db:PACKETSTORMid:102134date:2011-06-09T09:39:37
db:PACKETSTORMid:109259date:2012-01-31T06:49:21
db:PACKETSTORMid:109261date:2012-01-31T06:49:27
db:PACKETSTORMid:109299date:2012-01-30T12:12:00
db:PACKETSTORMid:101924date:2011-06-01T09:30:14
db:CNNVDid:CNNVD-201105-305date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201201-419date:1900-01-01T00:00:00
db:NVDid:CVE-2011-1763date:2014-01-07T19:55:05.890