Multiple security vulnerabilities have been discovered in the operating system kernel. The kernel is the central part of the system, responsible for basic tasks that include managing hardware, processes, input/output units, etc. The vulnerabilities are caused by errors in numerous functions, such as "load_elf_binary", "ext4_decode_error" and "print_fatal_signal", and by irregularities in certain files. They allow an attacker to carry out DoS attacks, disclose sensitive data, bypass configured restrictions, and gain elevated privileges. For details on the remaining vulnerabilities, consult the original advisory. Users are advised to upgrade.

VMware ESX Server Multiple Kernel Vulnerabilities
Secunia Advisory 	SA43315 	
Release Date 	2011-02-11
Criticality level 	Less critical
Impact 	Security Bypass
Exposure of sensitive information
Privilege escalation
DoS
Where 	From remote
Authentication level 	Available in Customer Area
Report reliability 	Available in Customer Area
Solution Status 	Partial Fix
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
Operating System 	VMware ESX Server 4.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	CVE-2009-4308
CVE-2010-0003
CVE-2010-0007
CVE-2010-0008
CVE-2010-0291
CVE-2010-0307
CVE-2010-0410
CVE-2010-0415
CVE-2010-0437
CVE-2010-0622
CVE-2010-0730
CVE-2010-1084
CVE-2010-1085
CVE-2010-1086
CVE-2010-1087
CVE-2010-1088
CVE-2010-1173
CVE-2010-1187
CVE-2010-1436
CVE-2010-1437
CVE-2010-1641
CVE-2010-2066
CVE-2010-2070
CVE-2010-2226
CVE-2010-2248
CVE-2010-2521
CVE-2010-2524
CVE-2010-3081

Description

VMware has acknowledged some security issues and vulnerabilities in VMware ESX Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, disclose potentially sensitive information, conduct DNS cache poisoning attacks, and gain escalated privileges, and by malicious people to cause a DoS.

For more information:
SA37658
SA38133
SA38229
SA38317
SA38354
SA38499
SA38502
SA38594
SA38718
SA39982
SA40205
SA40691
SA41321
SA41462

Solution
Apply patches if available.
Further details available in Customer Area
Original Advisory
VMSA-2011-0003:
http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Other references
Further details available in Customer Area
