Fallo en el Kernel de ESX de Vmware permite elevacion de privilegios.

1. Summary

ESX Service Console OS (COS) kernel update.

2. Relevant releases

VMware ESX 4.1 without patch ESX410-201011001

3. Problem Description

a. Service Console OS update for COS kernel package.

This patch updates the Service Console kernel to fix a stack
pointer underflow issue in the 32-bit compatibility layer.

Exploitation of this issue could allow a local user to gain
additional privileges.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-3081 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected

hosted * any any not affected

ESXi any ESXi not affected

ESX 4.1 ESX ESX410-201011402-SG
ESX 4.0 ESX patch pending
ESX 3.x ESX not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.

ESX 4.1
-------
ESX410-201011001
Download link:
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-253-20101122-763
417/ESX410-201011001.zip
md5sum: e73fd3302529c1d85d9cc47457dfb963
sha1sum: c0e0eac907c04105791ac44e288e7d8076dc14e0
http://kb.vmware.com/kb/1029400

ESX410-201011001 contains the following security bulletins:
ESX410-201011402-SG (COS kernel) | http://kb.vmware.com/kb/1029397

ESX410-201011001 also contains the following non-security bulletins
ESX410-201011401-BG

To install an individual bulletin use esxupdate with the -b option.

5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081

- ------------------------------------------------------------------------

6. Change log

2010-11-29 VMSA-2010-0017
Initial security advisory after release of patches for ESX 4.1
on 2010-11-29

Via:http://lists.vmware.com/pipermail/security-announce/2010/000111.html

Por admin

Deja una respuesta

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.

Powered By
Best Wordpress Adblock Detecting Plugin | CHP Adblock