ID CVE-2011-1785
Summary VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:esx:4.0
  • cpe:2.3:a:vmware:esx:4.1
  • cpe:2.3:a:vmware:esxi:4.0
  • cpe:2.3:a:vmware:esxi:4.1
CVSS
Base: 7.8 (as of 04-05-2011 - 15:59)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: COMPLETE
nessus via4
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2011-0007.NASL
    description
      a. ESX/ESXi Socket Exhaustion

      By sending malicious network traffic to an ESXi or ESX host an attacker could exhaust the available sockets which would prevent further connections to the host. In the event a host becomes inaccessible its virtual machines will continue to run and have network connectivity but a reboot of the ESXi or ESX host may be required in order to be able to connect to the host again.

      ESXi and ESX hosts may intermittently lose connectivity caused by applications that do not correctly close sockets. If this occurs an error message similar to the following may be written to the vpxa log:

        socket() returns -1 (Cannot allocate memory)

      An error message similar to the following may be written to the vmkernel logs:

        socreate(type=2, proto=17) failed with error 55

      VMware would like to thank Jimmy Scott at inet-solutions.be for reporting this issue to us.

      The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-1785 to this issue.

      b. Likewise package update

      Updates to the vmware-esx-likewise-openldap and vmware-esx-likewise-krb5 packages address several security issues. One of the vulnerabilities is specific to Likewise while the other vulnerabilities are present in the MIT version of krb5.

      An incorrect assert() call in Likewise may lead to a termination of the Likewise-open lsassd service if a username with an illegal byte sequence is entered for user authentication when logging in to the Active Directory domain of the ESXi/ESX host. This would lead to a denial of service.

      The MIT-krb5 vulnerabilities are detailed in MITKRB5-SA-2010-007.

      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1786 (Likewise-only issue), CVE-2010-1324, CVE-2010-1323, CVE-2010-4020, CVE-2010-4021 to these issues.

      c. ESX third-party update for Service Console kernel

      The Service Console kernel is updated to include a fix for a security issue.

      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2240 to this issue.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 53592
    published 2011-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53592
    title VMSA-2011-0007 : VMware ESXi and ESX Denial of Service and third-party updates for Likewise components and ESX Service Console
  • NASL family Misc.
    NASL id VMWARE_VMSA-2011-0007_REMOTE.NASL
    description
      The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities:

      - Multiple forgery vulnerabilities exist in the bundled version of MIT Kerberos 5 (krb5). An attacker can exploit these issues to impersonate a client, escalate privileges, and disclose sensitive information. (CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021)
      - A local arbitrary code execution vulnerability exists in the Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. A local attacker can exploit this vulnerability to execute arbitrary code. (CVE-2010-2240)
      - A denial of service vulnerability exists that allows a remote attacker to exhaust available sockets, preventing further connections. (CVE-2011-1785)
      - A denial of service vulnerability exists in the bundled version of lsassd in Likewise Open. A remote attacker can exploit this, via an Active Directory login attempt that provides a username containing an invalid byte sequence, to cause a daemon crash. (CVE-2011-1786)
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89676
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89676
    title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0007) (remote check)
oval via4
accepted 2011-12-05T04:00:14.677-05:00
class vulnerability
contributors
name Aslesha Nargolkar
organization Hewlett-Packard
definition_extensions
  • comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
  • comment VMware ESX Server 4.1 is installed
    oval oval:org.mitre.oval:def:13012
description VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic.
family unix
id oval:org.mitre.oval:def:13242
status accepted
submitted 2011-09-06T11:35:29.000-05:00
title Firmware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
version 7
refmap via4
bid 47627
bugtraq 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
confirm
mlist [security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
osvdb 72118
sectrack 1025452
sreason 8240
xf vmware-esxserver-socket-dos(67195)
Last major update 26-01-2012 - 22:59
Published 03-05-2011 - 18:55
Last modified 09-10-2018 - 15:32