Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
VMSA-2015-0007: VMware ESXi OpenSLP Remote Code Execution
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
VMware vCenter and ESXi updates address critical security issues.
Insight
Insight
VMware ESXi OpenSLP Remote Code Execution VMware ESXi contains a double free flaw in OpenSLP's SLPDProcessMessage() function. Exploitation of this issue may allow an unauthenticated attacker to execute code remotely on the ESXi host. VMware vCenter Server JMX RMI Remote Code Execution VMware vCenter Server contains a remotely accessible JMX RMI service that is not securely configured. An unauthenticated remote attacker that is able to connect to the service may be able use it to execute arbitrary code on the vCenter server. VMware vCenter Server vpxd denial-of-service vulnerability VMware vCenter Server does not properly sanitize long heartbeat messages. Exploitation of this issue may allow an unauthenticated attacker to create a denial-of-service condition in the vpxd service.
Affected Software
Affected Software
VMware ESXi 5.5 without patch ESXi550-201509101 VMware ESXi 5.1 without patch ESXi510-201510101 VMware ESXi 5.0 without patch ESXi500-201510101 VMware vCenter Server 6.0 prior to version 6.0 update 1 VMware vCenter Server 5.5 prior to version 5.5 update 3 VMware vCenter Server 5.1 prior to version 5.1 update u3b VMware vCenter Server 5.0 prior to version 5.u update u3e
Detection Method
Detection Method
Checks for missing patches.
Solution
Solution
Apply the missing patch(es).