Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-4609 (GCVE-0-2011-4609)
Vulnerability from cvelistv5 – Published: 2013-05-02 14:00 – Updated: 2024-08-07 00:09
VLAI?
EPSS
Summary
The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=767299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-02T14:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=767299"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4609",
"datePublished": "2013-05-02T14:00:00.000Z",
"dateReserved": "2011-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:09:19.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2011-4609
Vulnerability from fkie_nvd - Published: 2013-05-02 14:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78E4362C-F0B7-482C-AABD-F34E35ABCE85",
"versionEndIncluding": "2.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C0577C-6BC7-418F-B2C5-B74800D43418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA795F7-8AAC-42BA-971B-601346704BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CADA314-C0D0-40F8-9019-884F17D0B54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "255E0C0D-0B70-4C10-BF7C-34193AA24C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F424F2F5-D7E4-4A13-A8CF-32D466610BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC4E7AE-BDC4-48F1-9FDE-3F3FAA3F40F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F1329215-C53A-40D5-8E9C-F457D092E483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9416576F-A605-45BE-AA01-FEF357A66979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB56D9C9-13B3-418C-B06C-0997E165F1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "19D5667D-5EA4-4B44-BF8A-9C10506BD4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8E0DCD-8D39-4C89-9B4C-37025D9BE3A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections."
},
{
"lang": "es",
"value": "La funci\u00f3n svc_run en la implementaci\u00f3n RPC en glibc anterior a v2.15 que permite a atacantes remotos causar una denegaci\u00f3n de servicios (consumo de CPU) a trav\u00e9s de una gran n\u00famero de conexiones RPC."
}
],
"id": "CVE-2011-4609",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-02T14:55:01.930",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=767299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=767299"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2014-AVI-480
Vulnerability from certfr_avis - Published: 2014-11-13 - Updated: 2014-11-13
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | CTPOS versions antérieures à 6.6R2 | ||
| ESET | Security | Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2 | ||
| Juniper Networks | N/A | CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6 | ||
| Juniper Networks | Junos Space | Junos Space jusqu'à la version 13.3 | ||
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2 | ||
| ESET | Security | Network and Security Manager (NSM) version 2012.2 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CTPOS versions ant\u00e9rieures \u00e0 6.6R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space jusqu\u0027\u00e0 la version 13.3",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Network and Security Manager (NSM) version 2012.2",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3158",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3158"
},
{
"name": "CVE-2010-3853",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3853"
},
{
"name": "CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"name": "CVE-2010-3081",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3081"
},
{
"name": "CVE-2012-0789",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0789"
},
{
"name": "CVE-2012-2329",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2329"
},
{
"name": "CVE-2014-0460",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
},
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2011-0421",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
},
{
"name": "CVE-2012-0781",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0781"
},
{
"name": "CVE-2014-4827",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4827"
},
{
"name": "CVE-2013-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1635"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2013-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
},
{
"name": "CVE-2014-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2014-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2012-0788",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0788"
},
{
"name": "CVE-2010-4755",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4755"
},
{
"name": "CVE-2013-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2011-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
},
{
"name": "CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
},
{
"name": "CVE-2014-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0411"
},
{
"name": "CVE-2013-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1643"
},
{
"name": "CVE-2013-0791",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
},
{
"name": "CVE-2010-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
},
{
"name": "CVE-2014-7169",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7169"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"name": "CVE-2011-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0010"
},
{
"name": "CVE-2011-1398",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1398"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2014-4825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4825"
},
{
"name": "CVE-2010-4707",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4707"
},
{
"name": "CVE-2012-0882",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0882"
},
{
"name": "CVE-2009-0159",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
},
{
"name": "CVE-2014-0453",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
},
{
"name": "CVE-2011-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
},
{
"name": "CVE-2014-6271",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
},
{
"name": "CVE-2014-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2010-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
},
{
"name": "CVE-2014-0423",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
},
{
"name": "CVE-2012-2311",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-4830",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4830"
},
{
"name": "CVE-2011-3368",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
},
{
"name": "CVE-2014-2532",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
},
{
"name": "CVE-2014-4828",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4828"
},
{
"name": "CVE-2014-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
},
{
"name": "CVE-2010-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
},
{
"name": "CVE-2014-3470",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
},
{
"name": "CVE-2014-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3062"
},
{
"name": "CVE-2012-0831",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2012-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
},
{
"name": "CVE-2014-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
},
{
"name": "CVE-2010-2956",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2956"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2014-4833",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4833"
},
{
"name": "CVE-2011-4566",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
},
{
"name": "CVE-2014-0837",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0837"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2014-6278",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6278"
},
{
"name": "CVE-2012-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
},
{
"name": "CVE-2014-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
},
{
"name": "CVE-2010-1163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1163"
},
{
"name": "CVE-2011-4317",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
},
{
"name": "CVE-2011-4885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
},
{
"name": "CVE-2010-5107",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-5107"
},
{
"name": "CVE-2009-1265",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1265"
},
{
"name": "CVE-2010-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3316"
},
{
"name": "CVE-2012-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3510"
},
{
"name": "CVE-2011-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5000"
},
{
"name": "CVE-2010-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3435"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-2337",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2337"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
},
{
"name": "CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"name": "CVE-2013-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
},
{
"name": "CVE-2014-3091",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3091"
},
{
"name": "CVE-2012-2131",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
}
],
"initial_release_date": "2014-11-13T00:00:00",
"last_revision_date": "2014-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-480",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10661 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10661"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10657 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10657"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10658 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10658"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10660 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10660"
}
]
}
CERTA-2012-AVI-759
Vulnerability from certfr_avis - Published: 2012-12-21 - Updated: 2012-12-21
De multiples vulnérabilités ont été corrigées dans VMware vCenter Server Appliance et VMware ESXi. Elles concernent des téléchargement de fichiers arbitraires.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESXi 5.0",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi 4.0",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi 4.1",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server Appliance 5.1",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server Appliance 5.0",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi 5.1",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2009-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2012-3404",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3404"
},
{
"name": "CVE-2012-3406",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3406"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"name": "CVE-2012-3405",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3405"
},
{
"name": "CVE-2012-3480",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3480"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
}
],
"initial_release_date": "2012-12-21T00:00:00",
"last_revision_date": "2012-12-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0018 du 20 d\u00e9cembre 2012 :",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
}
],
"reference": "CERTA-2012-AVI-759",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eVMware vCenter Server Appliance\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eVMware ESXi\u003c/span\u003e. Elles concernent des t\u00e9l\u00e9chargement\nde fichiers arbitraires.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMSA-2012-0018 du 20 d\u00e9cembre 2012",
"url": null
}
]
}
CERTA-2013-AVI-146
Vulnerability from certfr_avis - Published: 2013-02-22 - Updated: 2013-02-22
De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware ESX version 4.0 | ||
| VMware | N/A | VMware ESX version 4.1 | ||
| VMware | vCenter Server | VMware vCenter Server version 5.1 | ||
| VMware | ESXi | VMware ESXi version 3.5 | ||
| VMware | ESXi | VMware ESXi version 5.0 | ||
| VMware | ESXi | VMware ESXi version 5.1 | ||
| VMware | N/A | VMware ESX version 3.5 | ||
| VMware | ESXi | VMware ESXi version 4.1 | ||
| VMware | ESXi | VMware ESXi version 4.0 | ||
| VMware | vCenter Server | VMware vCenter Server version 5.0 | ||
| VMware | N/A | VMware VirtualCenter version 4.0 | ||
| VMware | vCenter Server | VMware vCenter Server version 4.0 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESX version 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server version 5.1",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 3.5",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 5.0",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 5.1",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.1",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.0",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server version 5.0",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware VirtualCenter version 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server version 4.0",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2012-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4244"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2009-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2011-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2012-3404",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3404"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2013-1405",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1405"
},
{
"name": "CVE-2012-6324",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6324"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2012-3406",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3406"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"name": "CVE-2012-6326",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6326"
},
{
"name": "CVE-2013-1659",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1659"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-3405",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3405"
},
{
"name": "CVE-2012-3480",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3480"
},
{
"name": "CVE-2012-6325",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6325"
},
{
"name": "CVE-2011-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
}
],
"initial_release_date": "2013-02-22T00:00:00",
"last_revision_date": "2013-02-22T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 VMSA-2012-0018 VMSA-2013-0001 du 21 f\u00e9vrier 2013",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 VMSA-2012-0018 VMSA-2013-0001 du 21 f\u00e9vrier 2013",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 VMSA-2012-0018 VMSA-2013-0001 du 21 f\u00e9vrier 2013",
"url": "http://www.vmware.com/security/advisories/VMSA-2013-0003.html"
}
],
"reference": "CERTA-2013-AVI-146",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0018 du 21 f\u00e9vrier 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0003 du 21 f\u00e9vrier 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2013-0001 du 21 f\u00e9vrier 2013",
"url": null
}
]
}
CERTA-2012-AVI-479
Vulnerability from certfr_avis - Published: 2012-09-03 - Updated: 2012-09-03
De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles concernent les éléments d'éditeurs tiers implémentés dans les solutions. Les éléments suivants ont étés mis à jour :
- Java Runtime Environment (JRE) ;
- OpenSSL ;
- le noyau ;
- Perl ;
- libxml2 ;
- glibc ;
- GnuTLS ;
- popt et rpm ;
- Apache struts.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware ESX version 4.1 ; | ||
| VMware | N/A | VMware vCO version 4.0. | ||
| VMware | N/A | VMware vCenter version 5.0 ; | ||
| VMware | N/A | VMware vCOps version 1.0.x ; | ||
| VMware | ESXi | VMware ESXi version 3.5 ; | ||
| VMware | N/A | VMware Update Manager version 5.0 ; | ||
| VMware | N/A | VMware Update Manager version 4.0 ; | ||
| VMware | N/A | VMware vCO version 4.1 ; | ||
| VMware | ESXi | VMware ESXi version 4.1 ; | ||
| VMware | N/A | VMware vCenter version 4.0 ; | ||
| VMware | N/A | VMware vCenter version 4.1 ; | ||
| VMware | N/A | VMware vCOps version 5.0.2 ; | ||
| VMware | ESXi | VMware ESXi version 4.0 ; | ||
| VMware | N/A | VMware VirtualCenter version 2.5 ; | ||
| VMware | N/A | VMware Update Manager version 4.1 ; | ||
| VMware | ESXi | VMware ESXi version 5.0 ; | ||
| VMware | N/A | VMware ESX version 4.0 ; | ||
| VMware | N/A | VMware ESX version 3.5 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESX version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCO version 4.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter version 5.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCOps version 1.0.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 3.5 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Update Manager version 5.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Update Manager version 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCO version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.1 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter version 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCOps version 5.0.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.0 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware VirtualCenter version 2.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Update Manager version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 5.0 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 3.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1833"
},
{
"name": "CVE-2012-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
},
{
"name": "CVE-2011-4132",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4132"
},
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2012-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
},
{
"name": "CVE-2011-5057",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5057"
},
{
"name": "CVE-2010-4252",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2011-2496",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2496"
},
{
"name": "CVE-2009-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
},
{
"name": "CVE-2011-4577",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2012-1569",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1569"
},
{
"name": "CVE-2011-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4324"
},
{
"name": "CVE-2011-4110",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4110"
},
{
"name": "CVE-2011-4108",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
},
{
"name": "CVE-2012-1583",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1583"
},
{
"name": "CVE-2010-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
},
{
"name": "CVE-2012-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0060"
},
{
"name": "CVE-2012-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0391"
},
{
"name": "CVE-2011-4325",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4325"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2012-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0061"
},
{
"name": "CVE-2010-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
},
{
"name": "CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"name": "CVE-2011-3209",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3209"
},
{
"name": "CVE-2010-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
},
{
"name": "CVE-2012-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0392"
},
{
"name": "CVE-2012-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0394"
},
{
"name": "CVE-2012-0815",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0815"
},
{
"name": "CVE-2011-3188",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3188"
},
{
"name": "CVE-2011-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1020"
},
{
"name": "CVE-2011-4109",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
},
{
"name": "CVE-2012-1573",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1573"
},
{
"name": "CVE-2011-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4128"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2484"
},
{
"name": "CVE-2012-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0393"
},
{
"name": "CVE-2011-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
},
{
"name": "CVE-2011-3363",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3363"
},
{
"name": "CVE-2011-2699",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2699"
},
{
"name": "CVE-2011-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
}
],
"initial_release_date": "2012-09-03T00:00:00",
"last_revision_date": "2012-09-03T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-479",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles concernent les \u00e9l\u00e9ments d\u0027\u00e9diteurs\ntiers impl\u00e9ment\u00e9s dans les solutions. Les \u00e9l\u00e9ments suivants ont \u00e9t\u00e9s mis\n\u00e0 jour :\n\n- Java Runtime Environment (JRE) ;\n- OpenSSL ;\n- le noyau ;\n- Perl ;\n- libxml2 ;\n- glibc ;\n- GnuTLS ;\n- popt et rpm ;\n- Apache struts.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0013 du 30 ao\u00fbt 2012",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0013.html"
}
]
}
CERTA-2013-AVI-267
Vulnerability from certfr_avis - Published: 2013-04-23 - Updated: 2013-04-23
De multiples vulnérabilités ont été corrigées dans Avaya Communication Manager. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Avaya Communication Manager versions antérieures à 5.2
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eAvaya Communication Manager versions ant\u00e9rieures \u00e0 5.2\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2009-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2011-1659",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1659"
},
{
"name": "CVE-2010-0296",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0296"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2011-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
},
{
"name": "CVE-2011-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
}
],
"initial_release_date": "2013-04-23T00:00:00",
"last_revision_date": "2013-04-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-094 du 19 avril 2013",
"url": "https://downloads.avaya.com/css/P8/documents/100157565"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-155 du 19 avril 2013",
"url": "https://downloads.avaya.com/css/P8/documents/100160531"
}
],
"reference": "CERTA-2013-AVI-267",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-04-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAvaya Communication Manager\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Avaya Communication Manager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya du 19 avril 2013",
"url": null
}
]
}
GSD-2011-4609
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2011-4609",
"description": "The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.",
"id": "GSD-2011-4609",
"references": [
"https://www.suse.com/security/cve/CVE-2011-4609.html",
"https://access.redhat.com/errata/RHSA-2012:0126",
"https://access.redhat.com/errata/RHSA-2012:0125",
"https://access.redhat.com/errata/RHSA-2012:0058",
"https://alas.aws.amazon.com/cve/html/CVE-2011-4609.html",
"https://linux.oracle.com/cve/CVE-2011-4609.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-4609"
],
"details": "The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.",
"id": "GSD-2011-4609",
"modified": "2023-12-13T01:19:05.932204Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=767299",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=767299"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4609"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=767299",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=767299"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2013-05-03T04:00Z",
"publishedDate": "2013-05-02T14:55Z"
}
}
}
GHSA-CRF6-458W-XW5Q
Vulnerability from github – Published: 2022-05-17 05:10 – Updated: 2022-05-17 05:10
VLAI?
Details
The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.
{
"affected": [],
"aliases": [
"CVE-2011-4609"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-05-02T14:55:00Z",
"severity": "MODERATE"
},
"details": "The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.",
"id": "GHSA-crf6-458w-xw5q",
"modified": "2022-05-17T05:10:42Z",
"published": "2022-05-17T05:10:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4609"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=767299"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…