[Japanese]
|
JVNDB-2013-000085
|
VMware ESX and ESXi vulnerable to buffer overflow
|
VMware ESX and ESXi contains a buffer overflow vulnerability.
Shanon Olsson reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 7.5 (High) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
VMware
- VMware ESX 4.1 without patch ESX410-201201401-SG
- VMware ESX 4.0 without patch ESX400-201203401-SG
- VMware ESXi 5.0 without patch ESXi500-201203101-SG
- VMware ESXi 4.1 without patch ESXi410-201201401-SG
- VMware ESXi 4.0 without patch ESXi400-201203401-SG
|
It has been confirmed that ESX and ESXi version 5.1 are not affected.
|
A remote attacker may cause a denial-of-service (DoS) or execute arbitrary code.
|
[Apply an Update]
Apply the latest update for the version of the software being used.
|
VMware
|
- Buffer Errors(CWE-119) [IPA Evaluation]
|
- CVE-2013-3657
|
- JVN : JVN#19847770
- National Vulnerability Database (NVD) : CVE-2013-3657
- IPA SECURITY ALERTS : Security Alert for Vulnerability in VMware Products (JVN#72911629)(JVN#19847770) (in Japanese)
- Related Information : ESXi CIM Services Authentication Bypass and Remote Code Execution Vulnerabilities
|
- [2013/09/06]
Web page was published
[2013/09/09]
References : Content was added
[2013/09/11]
References : Content was added
|