ID

VAR-201401-0009


CVE

CVE-2011-1780


TITLE

Xen Service disruption in instruction emulation (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2011-005254

DESCRIPTION

The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread. Xen is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause the guest and host operating systems to crash, denying service to legitimate users.

Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The following products are affected: JP1/IT Resource Management - Manager, JP1/IT Service Level Management - Manager.

TITLE: Hitachi JP1/IT Resource Management Unspecified Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA47825
VERIFY ADVISORY: http://secunia.com/advisories/47825/
RELEASE DATE: 2012-01-31
DESCRIPTION: A vulnerability has been reported in Hitachi JP1/IT Resource Management, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA47804. The vulnerability is reported in versions 09-10 through 09-10-03, 09-11 through 09-11-04, and 09-50 through 09-50-01.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi (English): http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-005/index.html
Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-005/index.html

Summary:
Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the seventh regular update.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. An unprivileged guest user could trigger this flaw to crash the host. This only affects systems with both an AMD x86 processor and the AMD Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)

* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could use this flaw to trigger a NULL pointer dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)

* A flaw was found in the way space was allocated in the Linux kernel's Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Note: Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)

These updated kernel packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory.
Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for information about the most significant bug fixes and enhancements included in this update:
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065

All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which correct these issues. The system must be rebooted for this update to take effect.

Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

Bugs fixed (http://bugzilla.redhat.com/):
390451 - Pick up paging performance improvements from upstream Xen
431738 - lsattr doesn't show attributes of ext3 quota files
441730 - [rhts] connectathon nfsidem test failing
452650 - [RHEL5.2]: Blktap is limited to 100 disks total
460821 - pv-on-hvm: disk shows up twice.
465876 - NMI Watchdog detected LOCKUP in :sctp:sctp_copy_local_addr_list
477032 - kdump hang on HP xw9400
481546 - HTB qdisc miscalculates bandwidth with TSO enabled
481629 - update myri10g driver from 1.3.2 to 1.5.2
491740 - export of an NFSV3 file system via kerberos requires AUTH_SYS as well
491786 - s2io should check inputs for rx_ring_sz
494927 - Read-only filesystem after 'ext3_free_blocks_sb: bit already cleared for block' errors
501314 - No beep when running xen kernel
511901 - [NFS]: silly renamed .nfs0000* files can be left on fs forever
517629 - Sequence id issue with nfs4/kerberos between RHEL kernel and Fedora 11
525898 - soft lockups with kswapd in RHEL 5.4 kernel 2.6.18-164.el5 x86_64
537277 - KERNEL: QLA2XXX 0000:0E:00.0: RISC PAUSED -- HCCR=0, DUMPING FIRMWARE!
553411 - xts crypto module missing from RHEL5 installer runtime
553803 - GFS2: recovery stuck on transaction lock
567449 - RHEL5.6: iw_cxgb4 driver inclusion
567540 - unregister_netdevice: waiting for veth5 to become free when I remove netloop
579000 - [RFE] Support L2 packets under bonding layer
579858 - Wrong RX bytes/packet count on vlan interface with igb driver
589512 - slab corruption after seeing some nfs-related BUG: warning
603345 - i5k_amb does not work for Intel 5000 Chipset (kernel)
607114 - System panic in pskb_expand_head When arp_validate option is specified in bonding ARP monitor mode
611407 - kvm guest unable to kdump without noapic
621916 - Host panic on cross-vendor migration (RHEL 5.5 guest)
622542 - Xorg failures on machines using intel video card driver
622647 - Reading /proc/locks yelds corrupt data
623979 - synch arch/i386/pci/irq-xen.c
626585 - GFS2: [RFE] fallocate support for GFS2
626974 - nfs: too many GETATTR and ACCESS calls after direct i/o
626977 - [nfs] make close(2) asynchronous when closing nfs o_direct files
627496 - Fix shrinking windows with window scaling
631950 - remove FS-Cache code from NFS
632399 - Misleading message from fs/nfs/file.c:do_vfs_lock()
633196 - testing NMI watchdog ... <4>WARNING: CPU#0: NMI appears to be stuck (62->62)!
635992 - Areca driver, arcmsr, update
637970 - GFS2: Not enough space reserved in gfs2_write_begin and possibly elsewhere.
642388 - ip_nat_ftp not working if ack for "227 Enter Passive mode" packet is lost
643292 - [netfront] ethtool -i should return proper information for netfront device
643872 - [netback] ethtool -i should return proper information for netback device
645343 - ISCSI/multipath hang - must propagate SCSI device deletion to DM mpath
645528 - SIGPROF keeps a large task from ever completing a fork()
645646 - RFE: Virtio nic should be support "ethtool -i virtio nic"
646513 - HP_GETHOSTINFO ioctl always causes mpt controller reset
648572 - virtio GSO makes IPv6 very slow
648657 - fseek()/NFS performance regression between RHEL4 and RHEL5
648854 - linux-2.6.18: netback: take net_schedule_list_lock when removing entry from net_schedule_list
651333 - RHEL5.6: EHCI: AMD periodic frame list table quirk
651409 - BAD SEQID error messages returned by the NFS server
651512 - e1000 driver tracebacks when running under VMware ESX4
652321 - jbd2_stats_proc_init has wrong location.
652369 - temporary loss of path to SAN results in persistent EIO with msync
653286 - [5.6][REG]for some uses of 'nfsservctl' system call, the kernel crashes.
653828 - bonding failover in every monitor interval with virtio-net driver
654293 - sunrpc: need a better way to set tcp_slot_table_entries in RHEL 5
656836 - Memory leak in virtio-console driver if driver probe routine fails
657166 - XFS causes kernel panic due to double free of log tickets
658012 - NMI panic during xfs forced shutdown
658418 - Kernel warning at boot: i7core_edac: probe of 0000:80:14.0 failed with error -22
659594 - Kernel panic when restart network on vlan with bonding
659715 - cifs: ia64 kernel unaligned access
659816 - Performance counters don't work on HP Magnycours machines
660368 - dm-crypt: backport changes to support xts crypto mode
660661 - fsck.gfs2 reported statfs error after gfs2_grow
660728 - [LSI 5.7 feat] Update megaraid_sas to 5.34 and Include "Thunderbolt" support
660871 - mpctl module doesn't release fasync_struct at file close
661300 - xfstest 222: filesystem on /dev/loop0 is inconsistent
661306 - [Cisco 5.7 FEAT] Update enic driver to version 2.1.1.9
661904 - GFS2: Kernel changes necessary to allow growing completely full filesystems.
663041 - gfs2 FIEMAP oops
663123 - /proc/partitions not updating after creating LUNs via hpacucli
663563 - [ext4/xfstests] 011 caused filesystem corruption after running many times in a loop
664592 - a test unit ready causes a panic on 5.6 (CCISS driver)
664931 - COW corruption using popen(3).
665197 - WARNING: APIC timer calibration may be wrong
665972 - ISVM bit (ECX:31) for CPUID 0x00000001 is missing for HVM on AMD
666080 - GFS2: Blocks not marked free on delete
666304 - scsi_dh_emc gives "error attaching hardware handler" for EMC active-active SANs
666866 - Heavy load on ath5k wireless device makes system unresponsive
667327 - lib: fix vscnprintf() if @size is == 0
667660 - [NetApp 5.7 Bug] Include new NetApp PID entry to the alua_dev_list array in the ALUA hardware handler
667810 - "modprobe ip_conntrack hashsize=NNNN" panics kernel if /etc/modprobe.conf has hashsize=MMMM
668934 - UDP transmit under VLAN causes guest freeze
669603 - incomplete local port reservation
669961 - [NetApp 5.6 Bug] Erroneous TPG ID check in SCSI ALUA Handler
670367 - scsi_dh_emc get_req function should set REQ_FAILFAST flags same as upstream and other modules
670373 - panic in kfree() due to race condition in acpi_bus_receive_event()
671238 - [bonding] crash when adding/removing slaves with master interface down
671595 - Flapping errors (and panic) with bonding and arp_interval while using be2net included in 2.6.18-238
672619 - transmission stops when tap does not consume
672724 - mmapping a read only file on a gfs2 filesystem incorrectly acquires an exclusive glock
672981 - lseek() over NFS is returning an incorrect file length under some circumstances
673058 - kernel panic in pg_init_done - pgpath already deleted
673242 - Time runs too fast in a VM on processors with > 4GHZ freq
673459 - virtio_console driver never returns from selecting for write when the queue is full
673616 - vdso gettimeofday causes a segmentation fault
674175 - Impossible to load sctp module with ipv6 disable=1
674226 - Panic in selinux_bprm_post_apply_creds() due to an empty tty_files list
674298 - [NetApp 5.6 Bug] QLogic 8G FC firmware dumps seen during IO
674514 - xenctx shows nonsensical values for 32-on-64 and HVM domains
675727 - vdso: missing wall_to_monotomic export
675986 - Fix block based fiemap
677703 - [RHEL5.5] Panic in iscsi_sw_tcp_data_ready()
677893 - [TestOnly] gfs regression testing for 5.7 beta
677902 - Incorrect "Speed" is recorded in the file "/proc/net/bonding/bondX"
678073 - qeth: allow channel path changes in recovery
678074 - [usb-audio] unable to set capture mixer levels
678359 - online disk resizing may cause data corruption
678571 - hap_gva_to_gfn_* do not preserve domain context
678618 - gdbsx hypervisor part backport
679120 - qeth: remove needless IPA-commands in offline
679407 - [5.7] niu: Fix races between up/down and get_stats.
679487 - [5.7] net: Fix netdev_run_todo serialization
680329 - sunrpc: reconnect race can lead to socket read corruption
681303 - backport vzalloc and vzalloc_node in support of drivers needing these functions
681586 - Out of vmalloc space
683155 - gfs2: creating large files suddenly slow to a crawl
683978 - need to backport common vpd infrastructure to rhel 5
684795 - missed unlock_page() in gfs2_write_begin()
688646 - intel_iommu domain id exhaustion
688989 - [5.6] sysctl tcp_syn_retries is not honored
689860 - guest with passthrough nic got kernel panic when send system_reset signal in QEMU monitor
689943 - GFS2 causes kernel panic in spectator mode
690555 - GFS2: resource group bitmap corruption resulting in panics and withdraws
692946 - need to backport debugfs_remove_recursive functionality
695357 - dasd: fix race between open and offline
696411 - Missing patch for full use of tcp_rto_min parameter
698432 - [Emulex 5.7] Update lpfc driver to version 8.2.0.96.1p
698879 - The pci resource for vf is not released after hot-removing Intel 82576 NIC
700546 - RHEL5: apparent file system corruption of snapshot fs with qla2xxx driver
702355 - NFS: Fix build break with CONFIG_NFS_V4=n
702652 - provide option to disable HPET
702657 - CVE-2011-1780 kernel: xen: svm: insufficiencies in handling emulated instructions during vm exits
703213 - GFS2: Add "dlm callback owed" glock flag
703416 - host kernel panic while guest running on 10G public bridge.
704497 - VT-d: Fix resource leaks on error paths in intremap code
705324 - cifs: regression in unicode conversion routines when mounting with -o mapchars
705455 - intel-iommu: missing flush prior to removing domains + avoid broken vm/si domain unlinking
705725 - hvm guest time may go backwards on some hosts
706414 - Adding slave to balance-tlb bond device results in soft lockup
709224 - setfacl does not update ctime when changing file permission on ext3/4
711450 - 12% degradation running IOzone with Outcache testing
717068 - Kernel panics during Veritas SF testing.
717742 - [RHEL5.7][kernel-xen] HVM guests hang during installation on AMD systems
720552 - CVE-2011-2525 kernel: kernel: net_sched: fix qdisc_notify()
720861 - CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-274.el5.src.rpm

i386:
kernel-2.6.18-274.el5.i686.rpm
kernel-PAE-2.6.18-274.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.el5.i686.rpm
kernel-debug-2.6.18-274.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.el5.i686.rpm
kernel-debug-devel-2.6.18-274.el5.i686.rpm
kernel-debuginfo-2.6.18-274.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.el5.i686.rpm
kernel-devel-2.6.18-274.el5.i686.rpm
kernel-headers-2.6.18-274.el5.i386.rpm
kernel-xen-2.6.18-274.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.el5.i686.rpm
kernel-xen-devel-2.6.18-274.el5.i686.rpm

noarch:
kernel-doc-2.6.18-274.el5.noarch.rpm

x86_64:
kernel-2.6.18-274.el5.x86_64.rpm
kernel-debug-2.6.18-274.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.el5.x86_64.rpm
kernel-devel-2.6.18-274.el5.x86_64.rpm
kernel-headers-2.6.18-274.el5.x86_64.rpm
kernel-xen-2.6.18-274.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-274.el5.src.rpm

i386:
kernel-2.6.18-274.el5.i686.rpm
kernel-PAE-2.6.18-274.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.el5.i686.rpm
kernel-debug-2.6.18-274.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.el5.i686.rpm
kernel-debug-devel-2.6.18-274.el5.i686.rpm
kernel-debuginfo-2.6.18-274.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.el5.i686.rpm
kernel-devel-2.6.18-274.el5.i686.rpm
kernel-headers-2.6.18-274.el5.i386.rpm
kernel-xen-2.6.18-274.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.el5.i686.rpm
kernel-xen-devel-2.6.18-274.el5.i686.rpm

ia64:
kernel-2.6.18-274.el5.ia64.rpm
kernel-debug-2.6.18-274.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-274.el5.ia64.rpm
kernel-debug-devel-2.6.18-274.el5.ia64.rpm
kernel-debuginfo-2.6.18-274.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-274.el5.ia64.rpm
kernel-devel-2.6.18-274.el5.ia64.rpm
kernel-headers-2.6.18-274.el5.ia64.rpm
kernel-xen-2.6.18-274.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-274.el5.ia64.rpm
kernel-xen-devel-2.6.18-274.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-274.el5.noarch.rpm

ppc:
kernel-2.6.18-274.el5.ppc64.rpm
kernel-debug-2.6.18-274.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-274.el5.ppc64.rpm
kernel-debug-devel-2.6.18-274.el5.ppc64.rpm
kernel-debuginfo-2.6.18-274.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-274.el5.ppc64.rpm
kernel-devel-2.6.18-274.el5.ppc64.rpm
kernel-headers-2.6.18-274.el5.ppc.rpm
kernel-headers-2.6.18-274.el5.ppc64.rpm
kernel-kdump-2.6.18-274.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-274.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-274.el5.ppc64.rpm

s390x:
kernel-2.6.18-274.el5.s390x.rpm
kernel-debug-2.6.18-274.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-274.el5.s390x.rpm
kernel-debug-devel-2.6.18-274.el5.s390x.rpm
kernel-debuginfo-2.6.18-274.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-274.el5.s390x.rpm
kernel-devel-2.6.18-274.el5.s390x.rpm
kernel-headers-2.6.18-274.el5.s390x.rpm
kernel-kdump-2.6.18-274.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-274.el5.s390x.rpm
kernel-kdump-devel-2.6.18-274.el5.s390x.rpm

x86_64:
kernel-2.6.18-274.el5.x86_64.rpm
kernel-debug-2.6.18-274.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.el5.x86_64.rpm
kernel-devel-2.6.18-274.el5.x86_64.rpm
kernel-headers-2.6.18-274.el5.x86_64.rpm
kernel-xen-2.6.18-274.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:
https://www.redhat.com/security/data/cve/CVE-2011-1780.html
https://www.redhat.com/security/data/cve/CVE-2011-2525.html
https://www.redhat.com/security/data/cve/CVE-2011-2689.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065

8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2012-0001
Synopsis: VMware ESXi and ESX updates to third party library and ESX Service Console
Issue date: 2012-01-30
Updated on: 2012-01-30 (initial advisory)
CVE numbers:
--- COS Kernel ---
CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901
--- COS cURL ---
CVE-2011-2192
--- COS rpm ---
CVE-2010-2059, CVE-2011-3378
--- COS samba ---
CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522, CVE-2011-2694
--- COS python ---
CVE-2009-3720, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521
--- python library ---
CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, CVE-2011-1521
----------------------------------------------------------------------

1. Summary

VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues.

2. Relevant releases

ESXi 4.1 without patch ESXi410-201201401-SG

ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG, ESX410-201201407-SG

3. Problem Description

a. ESX third party update for Service Console kernel

The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201201401-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

b. ESX third party update for Service Console cURL RPM

The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201201402-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

c. ESX third party update for Service Console nspr and nss RPMs

The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues.

A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201201404-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

d. ESX third party update for Service Console rpm RPMs

The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201201406-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

e. ESX third party update for Service Console samba RPMs

The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues.

Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201201407-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

f. ESX third party update for Service Console python package

The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201201405-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

g. ESXi update to third party component python

The python third party library is updated to python 2.5.6 which fixes multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           5.0       ESXi     patch pending
ESXi           4.1       ESXi     ESXi410-201201401-SG
ESXi           4.0       ESXi     patch pending
ESXi           3.5       ESXi     patch pending
ESX            4.1       ESX      not affected
ESX            4.0       ESX      not affected
ESX            3.5       ESX      not affected

* hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware ESXi 4.1
---------------
ESXi410-201201401
http://downloads.vmware.com/go/selfsupport-download
md5sum: BDF86F10A973346E26C9C2CD4C424E88
sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F
http://kb.vmware.com/kb/2009143

ESXi410-201201401 contains ESXi410-201201401-SG

VMware ESX 4.1
--------------
ESX410-201201001
http://downloads.vmware.com/go/selfsupport-download
md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F
sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC
http://kb.vmware.com/kb/2009142

ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and ESX410-201201407-SG

5. References

CVE numbers

--- COS Kernel ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901
--- COS cURL ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192
--- COS rpm ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378
--- COS samba ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
--- COS python ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
--- python library ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521

----------------------------------------------------------------------

6. Change log

2012-01-30 VMSA-2012-0001
Initial security advisory in conjunction with the release of patches for ESX 4.1 and ESXi 4.1 on 2012-01-30.

----------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2012 VMware Inc. All rights reserved.

On systems without support for hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), this bug could cause fully-virtualized guests to crash or lead to silent memory corruption. (BZ#712884)

* A bug in the way the ibmvscsi driver handled interrupts may have prevented automatic path recovery for multipath devices. This bug only affected 64-bit PowerPC systems. (BZ#720929)

* The RHSA-2009:1243 update introduced a regression in the way file locking on NFS (Network File System) was handled. This caused applications to hang if they made a lock request on a file on an NFS version 2 or 3 file system that was mounted with the "sec=krb5" option. With this update, the original behavior of using mixed RPC authentication flavors for NFS and locking requests has been restored.
(BZ#722854) Users should upgrade to these updated packages, which contain backported patches to resolve these issues

Trust: 2.79

sources: NVD: CVE-2011-1780 // JVNDB: JVNDB-2011-005254 // BID: 48610 // BID: 78576 // BID: 51749 // PACKETSTORM: 109261 // PACKETSTORM: 103239 // PACKETSTORM: 109299 // PACKETSTORM: 104072

AFFECTED PRODUCTS

vendor: xen, model: xen, scope: eq, version: 3.0.3

Trust: 2.7

vendor: avaya, model: aura session manager sp2, scope: eq, version: 6.1

Trust: 0.3

vendor: openvz, model: project openvz 028stab089.1, scope: -, version: -

Trust: 0.3

vendor: suse, model: linux enterprise desktop sp4, scope: eq, version: 10

Trust: 0.3

vendor: avaya, model: voice portal sp1, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: voice portal, scope: eq, version: 5.1

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 5.2

Trust: 0.3

vendor: avaya, model: iq, scope: eq, version: 5.1.1

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 5.2.3

Trust: 0.3

vendor: avaya, model: voice portal sp2, scope: eq, version: 5.0

Trust: 0.3

vendor: openvz, model: project openvz 028stab085.2, scope: -, version: -

Trust: 0.3

vendor: avaya, model: aura system manager, scope: eq, version: 6.1.2

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 6.1

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 6.1.1

Trust: 0.3

vendor: avaya, model: aura communication manager utility services, scope: eq, version: 6.1

Trust: 0.3

vendor: avaya, model: aura system manager, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura messaging, scope: eq, version: 6.0.1

Trust: 0.3

vendor: openvz, model: project openvz 028stab091.1, scope: -, version: -

Trust: 0.3

vendor: red, model: hat enterprise linux desktop client, scope: eq, version: 5

Trust: 0.3

vendor: avaya, model: communication server 1000m, scope: eq, version: 6.0

Trust: 0.3

vendor: suse, model: linux enterprise sdk sp4, scope: eq, version: 10

Trust: 0.3

vendor: avaya, model: aura session manager sp1, scope: eq, version: 6.1

Trust: 0.3

vendor: avaya, model: aura session manager, scope: eq, version: 1.1

Trust: 0.3

vendor: avaya, model: iq, scope: eq, version: 5.2

Trust: 0.3

vendor: avaya, model: aura presence services, scope: eq, version: 6.1

Trust: 0.3

vendor: avaya, model: voice portal, scope: eq, version: 5.1.1

Trust: 0.3

vendor: avaya, model: aura communication manager, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura system manager, scope: eq, version: 6.1.3

Trust: 0.3

vendor: avaya, model: communication server 1000m signaling server, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura system platform, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: communication server 1000e signaling server, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: communication server 1000e, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura system platform sp3, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura system platform sp2, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura session manager, scope: eq, version: 6.1

Trust: 0.3

vendor: openvz, model: project openvz 028stab081.1, scope: -, version: -

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 5.2.2

Trust: 0.3

vendor: red, model: hat enterprise linux server, scope: eq, version: 5

Trust: 0.3

vendor: avaya, model: aura session manager, scope: eq, version: 6.1.1

Trust: 0.3

vendor: avaya, model: aura session manager sp1, scope: eq, version: 5.2

Trust: 0.3

vendor: suse, model: linux enterprise server sp4, scope: eq, version: 10

Trust: 0.3

vendor: avaya, model: ip office application server, scope: eq, version: 6.1

Trust: 0.3

vendor: avaya, model: aura application enablement services, scope: eq, version: 5.2.1

Trust: 0.3

vendor: avaya, model: aura communication manager utility services, scope: eq, version: 6.0

Trust: 0.3

vendor: xensource, model: xen, scope: eq, version: 0

Trust: 0.3

vendor: avaya, model: voice portal sp1, scope: eq, version: 5.1

Trust: 0.3

vendor: avaya, model: ip office application server, scope: eq, version: 7.0

Trust: 0.3

vendor: avaya, model: aura application server sip core, scope: eq, version: 53002.0

Trust: 0.3

vendor: avaya, model: aura communication manager, scope: eq, version: 6.0.1

Trust: 0.3

vendor: avaya, model: aura system platform, scope: eq, version: 1.1

Trust: 0.3

vendor: openvz, model: project openvz 2.6.32-feoktistov.1, scope: -, version: -

Trust: 0.3

vendor: avaya, model: voice portal, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: aura session manager, scope: eq, version: 5.2

Trust: 0.3

vendor: avaya, model: aura system platform, scope: eq, version: 6.0.1

Trust: 0.3

vendor: openvz, model: project openvz, scope: eq, version: 2.6.32

Trust: 0.3

vendor: openvz, model: project openvz 023stab053.2, scope: -, version: -

Trust: 0.3

vendor: avaya, model: communication server 1000e signaling server, scope: eq, version: 7.5

Trust: 0.3

vendor: suse, model: linux enterprise server sp3, scope: eq, version: 10

Trust: 0.3

vendor: avaya, model: aura presence services, scope: eq, version: 6.0

Trust: 0.3

vendor: openvz, model: project openvz 023stab054.1, scope: -, version: -

Trust: 0.3

vendor: avaya, model: aura messaging, scope: eq, version: 6.0

Trust: 0.3

vendor: redhat, model: enterprise linux, scope: eq, version: 5.0

Trust: 0.3

vendor: avaya, model: aura session manager, scope: eq, version: 6.1.2

Trust: 0.3

vendor: suse, model: linux enterprise sdk sp3, scope: eq, version: 10

Trust: 0.3

vendor: avaya, model: aura system manager sp1, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: iq, scope: eq, version: 5

Trust: 0.3

vendor: avaya, model: aura system manager, scope: eq, version: 5.2

Trust: 0.3

vendor: openvz, model: project openvz 028stab092.2, scope: ne, version: -

Trust: 0.3

vendor: avaya, model: aura session manager, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura system manager sp1, scope: eq, version: 6.1

Trust: 0.3

vendor: avaya, model: aura system platform, scope: eq, version: 6.0.2

Trust: 0.3

vendor: avaya, model: communication server 1000m, scope: eq, version: 7.5

Trust: 0.3

vendor: avaya, model: communication server 1000m signaling server, scope: eq, version: 7.0

Trust: 0.3

vendor: avaya, model: communication server 1000e signaling server, scope: eq, version: 7.0

Trust: 0.3

vendor: avaya, model: aura system manager, scope: eq, version: 6.1

Trust: 0.3

vendor: avaya, model: communication server 1000e, scope: eq, version: 7.0

Trust: 0.3

vendor: avaya, model: ip office application server, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: iq, scope: eq, version: 5.1

Trust: 0.3

vendor: avaya, model: aura system manager, scope: eq, version: 6.1.1

Trust: 0.3

vendor: avaya, model: aura conferencing standard, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura communication manager utility services, scope: ne, version: 6.2

Trust: 0.3

vendor: avaya, model: aura system manager sp2, scope: eq, version: 6.1

Trust: 0.3

vendor: avaya, model: communication server 1000m signaling server, scope: eq, version: 7.5

Trust: 0.3

vendor: avaya, model: aura session manager sp1, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura communication manager, scope: eq, version: 5.2

Trust: 0.3

vendor: avaya, model: aura session manager, scope: eq, version: 6.1.3

Trust: 0.3

vendor: avaya, model: aura session manager sp2, scope: eq, version: 5.2

Trust: 0.3

vendor: avaya, model: communication server 1000e, scope: eq, version: 7.5

Trust: 0.3

vendor: avaya, model: communication server 1000m, scope: eq, version: 7.0

Trust: 0.3

vendor: hitachi, model: jp1/it service level management manager, scope: eq, version: -09-50

Trust: 0.3

vendor: hitachi, model: jp1/it resource management-manager, scope: eq, version: 09-50

Trust: 0.3

vendor: hitachi, model: jp1/it resource management-manager, scope: eq, version: 09-11-02

Trust: 0.3

vendor: hitachi, model: jp1/it resource management-manager, scope: eq, version: 09-11

Trust: 0.3

vendor: hitachi, model: jp1/it resource management-manager, scope: eq, version: 09-10-03

Trust: 0.3

vendor: hitachi, model: jp1/it resource management-manager, scope: eq, version: 09-10

Trust: 0.3

vendor: hitachi, model: jp1/it service level management-manager, scope: ne, version: 09-51

Trust: 0.3

vendor: hitachi, model: jp1/it resource management-manager, scope: ne, version: 09-50-02

Trust: 0.3

vendor: hitachi, model: jp1/it resource management-manager, scope: ne, version: 09-11-05

Trust: 0.3

sources: BID: 48610 // BID: 78576 // BID: 51749 // JVNDB: JVNDB-2011-005254 // CNNVD: CNNVD-201107-366 // NVD: CVE-2011-1780

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2011-1780
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201107-366
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2011-1780
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2011-005254 // CNNVD: CNNVD-201107-366 // NVD: CVE-2011-1780

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2011-005254 // NVD: CVE-2011-1780

THREAT TYPE

network

Trust: 0.6

sources: BID: 78576 // BID: 51749

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 78576 // BID: 51749

CONFIGURATIONS

sources: NVD: CVE-2011-1780

PATCH

title: Bug 702657, url: https://bugzilla.redhat.com/show_bug.cgi?id=702657

Trust: 0.8

title: RHSA-2011:1163, url: http://rhn.redhat.com/errata/rhsa-2011-1163.html

Trust: 0.8

title: RHSA-2011:1065, url: http://rhn.redhat.com/errata/rhsa-2011-1065.html

Trust: 0.8

title: Top Page, url: http://www.xenproject.org/

Trust: 0.8

sources: JVNDB: JVNDB-2011-005254

EXTERNAL IDS

db: NVD, id: CVE-2011-1780

Trust: 3.3

db: OPENWALL, id: OSS-SECURITY/2011/07/07/3

Trust: 2.7

db: JVNDB, id: JVNDB-2011-005254

Trust: 0.8

db: REDHAT, id: RHSA-2011:1163

Trust: 0.6

db: REDHAT, id: RHSA-2011:1065

Trust: 0.6

db: SECUNIA, id: 53555

Trust: 0.6

db: SECUNIA, id: 47804

Trust: 0.6

db: SECUNIA, id: 45889

Trust: 0.6

db: SECUNIA, id: 45328

Trust: 0.6

db: MLIST, id: [OSS-SECURITY] 20110707 CVE-2011-1780, CVE-2011-1936, KERNEL/XEN ISSUES

Trust: 0.6

db: CNNVD, id: CNNVD-201107-366

Trust: 0.6

db: HITACHI, id: HS12-005

Trust: 0.4

db: BID, id: 48610

Trust: 0.3

db: BID, id: 78576

Trust: 0.3

db: BID, id: 51749

Trust: 0.3

db: SECUNIA, id: 47825

Trust: 0.2

db: PACKETSTORM, id: 109261

Trust: 0.1

db: PACKETSTORM, id: 103239

Trust: 0.1

db: PACKETSTORM, id: 109299

Trust: 0.1

db: PACKETSTORM, id: 104072

Trust: 0.1

sources: BID: 48610 // BID: 78576 // BID: 51749 // JVNDB: JVNDB-2011-005254 // PACKETSTORM: 109261 // PACKETSTORM: 103239 // PACKETSTORM: 109299 // PACKETSTORM: 104072 // CNNVD: CNNVD-201107-366 // NVD: CVE-2011-1780

REFERENCES

url:http://www.openwall.com/lists/oss-security/2011/07/07/3

Trust: 2.7

url:http://rhn.redhat.com/errata/rhsa-2011-1065.html

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2011-1163.html

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=702657

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1780

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1780

Trust: 0.8

url:http://secunia.com/advisories/45328

Trust: 0.6

url:http://secunia.com/advisories/45889

Trust: 0.6

url:http://secunia.com/advisories/47804

Trust: 0.6

url:http://secunia.com/advisories/53555

Trust: 0.6

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-005/index.html

Trust: 0.4

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2011-1780

Trust: 0.3

url:http://permalink.gmane.org/gmane.comp.security.oss.general/5435

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2011-1936

Trust: 0.3

url:http://wiki.openvz.org/download/kernel/rhel5/028stab092.2

Trust: 0.3

url:http://xen.xensource.com/

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100147390

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100148240

Trust: 0.3

url:http://www.hds.com/products/storage-software/hitachi-device-manager.html

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-1780.html

Trust: 0.2

url:https://access.redhat.com/kb/docs/doc-11259

Trust: 0.2

url:https://access.redhat.com/security/team/key/#package

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1780

Trust: 0.2

url:http://bugzilla.redhat.com/):

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2525

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-2525.html

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/advisories/47825/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/47825/#comments

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-005/index.html

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47825

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2689

Trust: 0.1

url:https://docs.redhat.com/docs/en-us/red_hat_enterprise_linux/5/html/5.7_tech

Trust: 0.1

url:https://docs.redhat.com/docs/en-us/red_hat_enterprise_linux/5/html/5.7_technical_notes/kernel.html#rhsa-2011-1065

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-2689.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0711

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2495

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2901

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1166

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1015

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1163

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1573

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1093

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2525

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1746

Trust: 0.1

url:http://kb.vmware.com/kb/1055

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2192

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4649

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4649

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1078

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1170

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1745

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1015

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3560

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1163

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1936

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1494

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1573

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2689

Trust: 0.1

url:http://downloads.vmware.com/go/selfsupport-download

Trust: 0.1

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2519

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0726

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3560

Trust: 0.1

url:http://kb.vmware.com/kb/2009143

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1763

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1166

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1044

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2482

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3493

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1078

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1521

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0711

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1171

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2213

Trust: 0.1

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1079

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0547

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0787

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1521

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1577

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2491

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2059

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1172

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1172

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0726

Trust: 0.1

url:http://www.vmware.com/security/advisories

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2089

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3720

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1678

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1182

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1080

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1080

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1634

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0695

Trust: 0.1

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1494

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0787

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0695

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2517

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1079

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1044

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3720

Trust: 0.1

url:http://kb.vmware.com/kb/2009142

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2022

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1593

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1182

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1170

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2089

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2694

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0547

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2492

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2059

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1495

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1093

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3493

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1576

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3378

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1634

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1171

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1495

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1776

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2009-1243.html

Trust: 0.1

sources: BID: 48610 // BID: 78576 // BID: 51749 // JVNDB: JVNDB-2011-005254 // PACKETSTORM: 109261 // PACKETSTORM: 103239 // PACKETSTORM: 109299 // PACKETSTORM: 104072 // CNNVD: CNNVD-201107-366 // NVD: CVE-2011-1780

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 48610

SOURCES

db: BID, id: 48610
db: BID, id: 78576
db: BID, id: 51749
db: JVNDB, id: JVNDB-2011-005254
db: PACKETSTORM, id: 109261
db: PACKETSTORM, id: 103239
db: PACKETSTORM, id: 109299
db: PACKETSTORM, id: 104072
db: CNNVD, id: CNNVD-201107-366
db: NVD, id: CVE-2011-1780

LAST UPDATE DATE

2024-03-27T21:01:28.280000+00:00


SOURCES UPDATE DATE

db: BID, id: 48610, date: 2013-05-27T14:54:00
db: BID, id: 78576, date: 2014-01-07T00:00:00
db: BID, id: 51749, date: 2012-01-31T00:00:00
db: JVNDB, id: JVNDB-2011-005254, date: 2014-01-09T00:00:00
db: CNNVD, id: CNNVD-201107-366, date: 2014-01-08T00:00:00
db: NVD, id: CVE-2011-1780, date: 2014-01-08T17:46:32.900

SOURCES RELEASE DATE

db: BID, id: 48610, date: 2011-07-07T00:00:00
db: BID, id: 78576, date: 2014-01-07T00:00:00
db: BID, id: 51749, date: 2012-01-31T00:00:00
db: JVNDB, id: JVNDB-2011-005254, date: 2014-01-09T00:00:00
db: PACKETSTORM, id: 109261, date: 2012-01-31T06:49:27
db: PACKETSTORM, id: 103239, date: 2011-07-21T23:12:27
db: PACKETSTORM, id: 109299, date: 2012-01-30T12:12:00
db: PACKETSTORM, id: 104072, date: 2011-08-16T12:12:00
db: CNNVD, id: CNNVD-201107-366, date: 2011-07-25T00:00:00
db: NVD, id: CVE-2011-1780, date: 2014-01-07T19:55:05.923