KLA10452
Multiple vulnerabilities in VMware products
Обновлено: 17/06/2019
Дата обнаружения
27/01/2015
Уровень угрозы
High
Описание

Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to gain privileges or cause denial of service.

Below is a complete list of vulnerabilities

  1. Vectors related to file write can be exploited locally;
  2. Improper input validation can be exploited locally;
  3. An obsolete version of SSL can be exploited remotely;
  4. An obsolete version of libxml2 can be exploited remotely.
Пораженные продукты

VMware Workstation 10 versions earlier than 10.0.5
VMware Player 6 versions earlier than 6.0.5
VMware Fusion 7 versions earlier than 7.0.1
VMware Fusion 6 versions earlier than 6.0.5
VMware vCenter Server 5.5 earlier than update 2d
ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG
ESXi 5.1 without patch ESXi510-201404101-SG
ESXi 5.0 without patch ESXi500-201405101-SG

Решение

Update to latest version
Get VMware products

Первичный источник обнаружения
VMSA
Оказываемое влияние
?
OSI 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]

LoI 
[?]
Связанные продукты
VMware Workstation
VMware Player
VMware Server
VMware vCenter Converter Standalone
VMware vSphere Client
VMware Fusion
CVE-IDS
CVE-2014-35664.3Warning
CVE-2014-35684.3Warning
CVE-2014-36605.0Critical
CVE-2015-10433.3Warning
CVE-2015-10443.3Warning
CVE-2014-35137.1High
CVE-2014-35677.1High
CVE-2014-83706.4High