a. Service Location Protocol daemon DoS

   This patch fixes a denial-of-service vulnerability in    the Service Location Protocol daemon (SLPD). Exploitation of this    vulnerability could cause SLPD to consume significant CPU    resources.

   VMware would like to thank Nicolas Gregoire and US CERT for    reporting this issue to us.

   The Common Vulnerabilities and Exposures Project (cve.mitre.org)    has assigned the name CVE-2010-3609 to this issue.

b. Service Console update for bind

   This patch updates the bind-libs and bind-utils RPMs to version    9.3.6-4.P1.el5_5.3, which resolves multiple security issues.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the names CVE-2010-3613, CVE-2010-3614, and    CVE-2010-3762 to these issues.

c. Service Console update for pam

   This patch updates the pam RPM to pam_0.99.6.2-3.27.5437.vmw,    which resolves multiple security issues with PAM modules.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the names CVE-2010-3316, CVE-2010-3435, and    CVE-2010-3853 to these issues.

d. Service Console update for rpm, rpm-libs, rpm-python, and popt

   This patch updates rpm, rpm-libs, and rpm-python RPMs to    4.4.2.3-20.el5_5.1, and popt to version 1.10.2.3-20.el5_5.1,    which resolves a security issue.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the name CVE-2010-2059 to this issue.

The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including arbitrary code execution vulnerabilities, in several third-party components and libraries :

  - bind
  - pam
  - popt
  - rpm
  - rpm-libs
  - rpm-python
  - Service Location Protocol daemon (SLPD)

Updated rpm packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The RPM Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading packages. A local attacker able to create hard links to binaries could use this flaw to keep those binaries on the system, at a specific version level and with the setuid or setgid bit set, even if the package providing them was upgraded by a system administrator. This could have security implications if a package was upgraded because of a security flaw in a setuid or setgid program.
(CVE-2010-2059)

This update also fixes the following bug :

* A memory leak in the communication between RPM and the Security-Enhanced Linux (SELinux) subsystem, which could have caused extensive memory consumption. In reported cases, this issue was triggered by running rhn_check when errata were scheduled to be applied. (BZ#627630)

All users of rpm are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The RPM Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading or removing packages. A local attacker able to create hard links to binaries could use this flaw to keep those binaries on the system, at a specific version level and with the setuid or setgid bit set, even if the package providing them was upgraded or removed by a system administrator. This could have security implications if a package was upgraded or removed because of a security flaw in a setuid or setgid program. (CVE-2005-4889, CVE-2010-2059)

All users of rpm are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.

It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading or removing packages. A local attacker able to create hard links to binaries could use this flaw to keep those binaries on the system, at a specific version level and with the setuid or setgid bit set, even if the package providing them was upgraded or removed by a system administrator. This could have security implications if a package was upgraded or removed because of a security flaw in a setuid or setgid program. (CVE-2005-4889, CVE-2010-2059)

A vulnerability has been found and corrected in rpm :

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file (CVE-2010-2059).

The updated packages have been patched to correct this issue.

From Red Hat Security Advisory 2010:0678 :

Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The RPM Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading or removing packages. A local attacker able to create hard links to binaries could use this flaw to keep those binaries on the system, at a specific version level and with the setuid or setgid bit set, even if the package providing them was upgraded or removed by a system administrator. This could have security implications if a package was upgraded or removed because of a security flaw in a setuid or setgid program. (CVE-2005-4889, CVE-2010-2059)

All users of rpm are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.

ID	Name	Product	Family	Published	Updated	Severity
52582	VMSA-2011-0004 : VMware ESX/ESXi SLPD denial of service vulnerability and ESX third-party updates for Service Console packages bind, pam, and rpm.	Nessus	VMware ESX Local Security Checks	3/8/2011	1/6/2021	high
89675	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0004) (remote check)	Nessus	Misc.	3/4/2016	1/6/2021	high
49131	RHEL 5 : rpm (RHSA-2010:0679)	Nessus	Red Hat Local Security Checks	9/8/2010	1/14/2021	high
49180	CentOS 4 : rpm (CESA-2010:0678)	Nessus	CentOS Local Security Checks	9/12/2010	1/4/2021	high
49130	RHEL 4 : rpm (RHSA-2010:0678)	Nessus	Red Hat Local Security Checks	9/8/2010	1/14/2021	high
60851	Scientific Linux Security Update : rpm on SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	high
49209	Mandriva Linux Security Advisory : rpm (MDVSA-2010:180)	Nessus	Mandriva Local Security Checks	9/13/2010	1/6/2021	high
49204	CentOS 5 : rpm (CESA-2010:0679)	Nessus	CentOS Local Security Checks	9/13/2010	1/4/2021	high
68095	Oracle Linux 4 : rpm (ELSA-2010-0678)	Nessus	Oracle Linux Local Security Checks	7/12/2013	1/14/2021	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high