U radu programskog paketa cURL, za VMware ESXi, otkriven je i ispravljen jedan sigurnosni nedostatak. Riječ je o besplatnom alatu koji se koristi za prijenos datoteka iz naredbene linije koristeći URL sintaksu, a podržava FTP, HTTP, Gopher, Telnet i Dict protokole. Nedostatak je posljedica neodgovarajućeg rukovanja pojedinim podacima u datoteci "content_encoding.c". Udaljeni ga napadač može iskoristiti za izvođenje DoS (eng. Denial of Service) napada. Svim se korisnicima savjetuje instalacija odgovarajućih sigurnosnih zakrpa.
VMware ESXi curl Security Issue
Secunia Advisory SA43313
Release Date 2011-02-11
Criticality level Less criticalLess critical
Impact DoS
System access
Where From remote
Authentication level Available in Customer Area
Report reliability Available in Customer Area
Solution Status Partial Fix
Systems affected Available in Customer Area
Approve distribution Available in Customer Area
Operating System
VMware ESXi 3.x
VMware ESXi 4.x
Secunia CVSS Score Available in Customer Area
CVE Reference(s) No CVE references.
Description
VMware has acknowledged a security issue in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
For more information:
SA38427
Solution
Apply patches if available.
Further details available in Customer Area
Original Advisory
VMSA-2011-0003:
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Other references
Further details available in Customer Area
Posljednje sigurnosne preporuke